Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
wg7SDQAffQ.exe

Overview

General Information

Sample name:wg7SDQAffQ.exe
renamed because original name is a hash value
Original sample name:4a73123f397a6b45269dbedb40622967.exe
Analysis ID:1568320
MD5:4a73123f397a6b45269dbedb40622967
SHA1:12f348c5c9b10548797c0bf8e3098254a69d1a23
SHA256:a9ce2c8a98a02f9f90bb4b649a34a5decc294c60f66c2365cd06d4f787343472
Tags:exeuser-abuse_ch
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • wg7SDQAffQ.exe (PID: 7604 cmdline: "C:\Users\user\Desktop\wg7SDQAffQ.exe" MD5: 4A73123F397A6B45269DBEDB40622967)
    • wg7SDQAffQ.exe (PID: 7812 cmdline: "C:\Users\user\Desktop\wg7SDQAffQ.exe" MD5: 4A73123F397A6B45269DBEDB40622967)
      • svchost.exe (PID: 7860 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 8016 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 8080 cmdline: C:\Windows\system32\WerFault.exe -u -p 8016 -s 136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 7936 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 412 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbu"}
SourceRuleDescriptionAuthorStrings
00000004.00000003.1602883606.0000000002DF0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000003.00000003.1598941917.0000000000940000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000004.00000003.1607082421.0000000005490000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000004.00000002.1699178661.0000000003350000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 5 entries
            SourceRuleDescriptionAuthorStrings
            3.3.wg7SDQAffQ.exe.3150000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              4.3.svchost.exe.5490000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                4.3.svchost.exe.5490000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  4.3.svchost.exe.5270000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    3.3.wg7SDQAffQ.exe.2f30000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                      System Summary

                      barindex
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\wg7SDQAffQ.exe, ProcessId: 7604, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\wg7SDQAffQ.exe", ParentImage: C:\Users\user\Desktop\wg7SDQAffQ.exe, ParentProcessId: 7812, ParentProcessName: wg7SDQAffQ.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7860, ProcessName: svchost.exe
                      Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\wg7SDQAffQ.exe", ParentImage: C:\Users\user\Desktop\wg7SDQAffQ.exe, ParentProcessId: 7812, ParentProcessName: wg7SDQAffQ.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7860, ProcessName: svchost.exe
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-04T14:47:25.325701+010028548021Domain Observed Used for C2 Detected104.37.175.2217575192.168.2.849707TCP

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Source: 0.2.wg7SDQAffQ.exe.674fd2.1.raw.unpackMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbu"}
                      Source: wg7SDQAffQ.exeReversingLabs: Detection: 18%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.5% probability
                      Source: wg7SDQAffQ.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: Binary string: wkernel32.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1601268009.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601383393.0000000003050000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606331352.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606570792.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601611392.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1607082421.0000000005490000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1600249255.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600535899.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604404617.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604829475.0000000005460000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1600988493.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600863618.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605705920.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605913269.0000000005410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1600249255.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600535899.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604404617.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604829475.0000000005460000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1600988493.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600863618.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605705920.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605913269.0000000005410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1601268009.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601383393.0000000003050000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606331352.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606570792.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601611392.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1607082421.0000000005490000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp8_2_000002AB524E0511

                      Networking

                      barindex
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.221:7575 -> 192.168.2.8:49707
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.221 7575Jump to behavior
                      Source: Malware configuration extractorURLs: https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbu
                      Source: global trafficTCP traffic: 192.168.2.8:49707 -> 104.37.175.221:7575
                      Source: Joe Sandbox ViewASN Name: MAJESTIC-HOSTING-01US MAJESTIC-HOSTING-01US
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: wg7SDQAffQ.exe, DiskTuner.exe.0.drString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: wg7SDQAffQ.exe, DiskTuner.exe.0.drString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: wg7SDQAffQ.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.com
                      Source: wg7SDQAffQ.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: svchost.exe, 00000004.00000002.1699004063.000000000310C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1699004063.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1698441483.0000000002CCC000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbu
                      Source: svchost.exe, 00000004.00000002.1699004063.000000000310C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1699004063.0000000003100000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbukernelbasentdllkernel32GetProcessMitig
                      Source: svchost.exe, 00000004.00000002.1698441483.0000000002CCC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbux
                      Source: svchost.exe, 00000004.00000003.1624984632.00000000031A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000004.00000003.1624984632.00000000031A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: wg7SDQAffQ.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: wg7SDQAffQ.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,3_2_004D9AB0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,0_2_004D9C20
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_831309f4-a
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_e4b8cf34-a
                      Source: Yara matchFile source: 3.3.wg7SDQAffQ.exe.3150000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.5490000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.5490000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.5270000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.wg7SDQAffQ.exe.2f30000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000003.1607082421.0000000005490000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1601611392.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: wg7SDQAffQ.exe PID: 7812, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 7860, type: MEMORYSTR

                      System Summary

                      barindex
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeFile dump: DiskTuner.exe.0.dr 979567349Jump to dropped file
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002AB524E1AA4 NtAcceptConnectPort,NtAcceptConnectPort,8_2_000002AB524E1AA4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002AB524E1CF4 NtAcceptConnectPort,CloseHandle,8_2_000002AB524E1CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002AB524E0AC8 NtAcceptConnectPort,NtAcceptConnectPort,8_2_000002AB524E0AC8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002AB524E15C0 NtAcceptConnectPort,8_2_000002AB524E15C0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0040A0200_2_0040A020
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0042D3000_2_0042D300
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0043C3C00_2_0043C3C0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0042D39B0_2_0042D39B
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0042D4F90_2_0042D4F9
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0041B4B00_2_0041B4B0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004206700_2_00420670
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004166210_2_00416621
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0045E8700_2_0045E870
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0047DA000_2_0047DA00
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0040ACD00_2_0040ACD0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_00429E100_2_00429E10
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_00464EE00_2_00464EE0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007A81D23_3_007A81D2
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_0079C2313_3_0079C231
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_0079C4003_3_0079C400
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0040A0203_2_0040A020
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0042D3003_2_0042D300
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0042D39B3_2_0042D39B
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004033A13_2_004033A1
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0042D4F93_2_0042D4F9
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0041B4B03_2_0041B4B0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004206703_2_00420670
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004166213_2_00416621
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0045E8703_2_0045E870
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0047DA003_2_0047DA00
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_0040ACD03_2_0040ACD0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00429E103_2_00429E10
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00464EE03_2_00464EE0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002AB524E0C708_2_000002AB524E0C70
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: String function: 00435140 appears 66 times
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: String function: 0079CD90 appears 33 times
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: String function: 00435350 appears 68 times
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 412
                      Source: wg7SDQAffQ.exeBinary or memory string: OriginalFilename vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000000.00000002.1628086567.0000000002642000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000000.00000002.1627960613.0000000002419000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000000.00000000.1408894223.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1600988493.00000000031FD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601782738.0000000003331000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601268009.0000000002F30000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1602856177.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601383393.0000000003050000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1600535899.00000000032A6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1599204027.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1600863618.0000000003053000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1600249255.00000000030A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601268009.0000000002FC2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601611392.0000000002F30000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exe, 00000003.00000003.1601383393.00000000030A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exeBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs wg7SDQAffQ.exe
                      Source: wg7SDQAffQ.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: wg7SDQAffQ.exe, 00000000.00000002.1627960613.0000000002419000.00000040.00001000.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1602856177.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1599204027.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: wg7SDQAffQ.exe, wg7SDQAffQ.exe, 00000000.00000002.1627960613.0000000002419000.00000040.00001000.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1602856177.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1599204027.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004F9340 CoCreateInstance,0_2_004F9340
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeFile created: C:\Users\user\Videos\DiskTunerJump to behavior
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8016
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-2d7e7f8-8bd5-6f04be-f42941dced54}
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\17b95792-0f05-4da9-81af-5d106eed5a6eJump to behavior
                      Source: wg7SDQAffQ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: wg7SDQAffQ.exeReversingLabs: Detection: 18%
                      Source: wg7SDQAffQ.exeString found in binary or memory: ms-help:
                      Source: wg7SDQAffQ.exeString found in binary or memory: B_flashuseCodepageStandAloneWIN 8,0,22,0A=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b%20http://%s/scriptms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeFile read: C:\Users\user\Desktop\wg7SDQAffQ.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\wg7SDQAffQ.exe "C:\Users\user\Desktop\wg7SDQAffQ.exe"
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Users\user\Desktop\wg7SDQAffQ.exe "C:\Users\user\Desktop\wg7SDQAffQ.exe"
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 412
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 8016 -s 136
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Users\user\Desktop\wg7SDQAffQ.exe "C:\Users\user\Desktop\wg7SDQAffQ.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: k7rn7l32.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: ntd3ll.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                      Source: wg7SDQAffQ.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: wg7SDQAffQ.exeStatic file information: File size 2764800 > 1048576
                      Source: wg7SDQAffQ.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x13c000
                      Source: wg7SDQAffQ.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x140000
                      Source: Binary string: wkernel32.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1601268009.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601383393.0000000003050000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606331352.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606570792.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601611392.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1607082421.0000000005490000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1600249255.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600535899.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604404617.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604829475.0000000005460000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1600988493.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600863618.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605705920.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605913269.0000000005410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1600249255.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600535899.0000000003120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604404617.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1604829475.0000000005460000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: wg7SDQAffQ.exe, 00000003.00000003.1600988493.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1600863618.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605705920.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1605913269.0000000005410000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1601268009.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601383393.0000000003050000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606331352.0000000005270000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606570792.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: wg7SDQAffQ.exe, 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1601611392.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1607082421.0000000005490000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: wg7SDQAffQ.exeStatic PE information: real checksum: 0x241059 should be: 0x2a571e
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA784
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA7AC
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AB86D push ebx; ret 3_3_007AB864
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AA840 push ebp; retf 3_3_007AA841
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AE83C pushad ; ret 3_3_007AE841
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AE80E push eax; iretd 3_3_007AE81D
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AA0F9 push FFFFFF82h; iretd 3_3_007AA0FB
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AD8A0 push 0000002Eh; iretd 3_3_007AD8A2
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007A8904 push ecx; ret 3_3_007A8917
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AB1DD push eax; ret 3_3_007AB1DF
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AE586 pushad ; retf 3_3_007AE599
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007A9F6A push eax; ret 3_3_007A9F75
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007AB70B push ebx; ret 3_3_007AB864
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004381E0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004381A0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA784
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA7AC
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00434C60 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00434CF0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00434C90 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00434CB0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00447D60 push ecx; retf 3_2_00447E0D
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_2_00436DB0 push ecx; retf 3_2_00436EEF
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D018C0 push ebp; retf 4_3_02D018C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D028ED push ebx; ret 4_3_02D028E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D0588E push eax; iretd 4_3_02D0589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D058BC pushad ; ret 4_3_02D058C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D0225D push eax; ret 4_3_02D0225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D06012 push 00000038h; iretd 4_3_02D0601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D05606 pushad ; retf 4_3_02D05619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D00FEA push eax; ret 4_3_02D00FF5
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 553B83A
                      Source: wg7SDQAffQ.exe, 00000000.00000002.1627960613.0000000002419000.00000040.00001000.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1602856177.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1599204027.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: wg7SDQAffQ.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: wg7SDQAffQ.exe, 00000000.00000002.1627960613.0000000002419000.00000040.00001000.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1602856177.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, wg7SDQAffQ.exe, 00000003.00000003.1599204027.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeAPI coverage: 0.4 %
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: svchost.exe, 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000004.00000002.1698760555.0000000003012000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1698734590.0000000003000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000004.00000002.1698780930.0000000003024000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007A9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,3_3_007A9098
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_007A9277 mov eax, dword ptr fs:[00000030h]3_3_007A9277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_02D00283 mov eax, dword ptr fs:[00000030h]4_3_02D00283
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_0052B440 GetProcessHeap,HeapAlloc,0_2_0052B440
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Users\user\Desktop\wg7SDQAffQ.exe "C:\Users\user\Desktop\wg7SDQAffQ.exe"Jump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.221 7575Jump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeMemory written: C:\Users\user\Desktop\wg7SDQAffQ.exe base: 770000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 3_3_0079CDD5 cpuid 3_3_0079CDD5
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,0_2_004C9670
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,3_2_004C9670
                      Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\wg7SDQAffQ.exeCode function: 0_2_004CB0E0 GetVersionExA,0_2_004CB0E0
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Source: Yara matchFile source: 00000004.00000003.1602883606.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1598941917.0000000000940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1699178661.0000000003350000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1608679470.0000000000C50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Source: Yara matchFile source: 00000004.00000003.1602883606.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1598941917.0000000000940000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1699178661.0000000003350000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1608679470.0000000000C50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                      Windows Management Instrumentation
                      1
                      Registry Run Keys / Startup Folder
                      211
                      Process Injection
                      11
                      Masquerading
                      21
                      Input Capture
                      2
                      System Time Discovery
                      Remote Services21
                      Input Capture
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts2
                      Command and Scripting Interpreter
                      1
                      DLL Side-Loading
                      1
                      Registry Run Keys / Startup Folder
                      1
                      Virtualization/Sandbox Evasion
                      LSASS Memory221
                      Security Software Discovery
                      Remote Desktop Protocol1
                      Archive Collected Data
                      1
                      Non-Standard Port
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Native API
                      Logon Script (Windows)1
                      DLL Side-Loading
                      1
                      Disable or Modify Tools
                      Security Account Manager1
                      Virtualization/Sandbox Evasion
                      SMB/Windows Admin Shares3
                      Clipboard Data
                      1
                      Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook211
                      Process Injection
                      NTDS1
                      Process Discovery
                      Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information
                      LSA Secrets135
                      System Information Discovery
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                      Obfuscated Files or Information
                      Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      DLL Side-Loading
                      DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand
                      SourceDetectionScannerLabelLink
                      wg7SDQAffQ.exe18%ReversingLabs
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      SourceDetectionScannerLabelLink
                      http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch0%Avira URL Cloudsafe
                      https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbux0%Avira URL Cloudsafe
                      https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbukernelbasentdllkernel32GetProcessMitig0%Avira URL Cloudsafe
                      http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec0%Avira URL Cloudsafe
                      http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp0%Avira URL Cloudsafe
                      https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbu0%Avira URL Cloudsafe
                      No contacted domains info
                      NameMaliciousAntivirus DetectionReputation
                      https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbutrue
                      • Avira URL Cloud: safe
                      unknown
                      NameSourceMaliciousAntivirus DetectionReputation
                      https://cloudflare-dns.com/dns-querysvchost.exe, 00000004.00000003.1624984632.00000000031A0000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        http://www.macromedia.comwg7SDQAffQ.exe, DiskTuner.exe.0.drfalse
                          high
                          https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000004.00000003.1624984632.00000000031A0000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatchwg7SDQAffQ.exe, DiskTuner.exe.0.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSecwg7SDQAffQ.exe, DiskTuner.exe.0.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbuxsvchost.exe, 00000004.00000002.1698441483.0000000002CCC000.00000004.00000010.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&ampwg7SDQAffQ.exe, DiskTuner.exe.0.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://www.macromedia.com/bin/flashdownload.cgiwg7SDQAffQ.exe, DiskTuner.exe.0.drfalse
                              high
                              https://www.macromedia.com/support/flashplayer/sys/wg7SDQAffQ.exe, DiskTuner.exe.0.drfalse
                                high
                                https://104.37.175.221:7575/1b422f87470a4ca5005/t8wb8g4v.vevbukernelbasentdllkernel32GetProcessMitigsvchost.exe, 00000004.00000002.1699004063.000000000310C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1699004063.0000000003100000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs
                                IPDomainCountryFlagASNASN NameMalicious
                                104.37.175.221
                                unknownUnited States
                                396073MAJESTIC-HOSTING-01UStrue
                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1568320
                                Start date and time:2024-12-04 14:46:07 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 8m 10s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:15
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:wg7SDQAffQ.exe
                                renamed because original name is a hash value
                                Original Sample Name:4a73123f397a6b45269dbedb40622967.exe
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@9/6@0/1
                                EGA Information:
                                • Successful, ratio: 50%
                                HCA Information:Failed
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 20.189.173.20
                                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target svchost.exe, PID 7860 because there are no executed function
                                • Execution Graph export aborted for target wg7SDQAffQ.exe, PID 7812 because there are no executed function
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • VT rate limit hit for: wg7SDQAffQ.exe
                                TimeTypeDescription
                                08:47:42API Interceptor1x Sleep call for process: WerFault.exe modified
                                14:47:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                14:47:33AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                No context
                                No context
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                MAJESTIC-HOSTING-01USReadme.lnk.download.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                • 104.37.175.232
                                098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                • 104.37.175.232
                                loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                • 104.37.175.232
                                readme.exeGet hashmaliciousRHADAMANTHYSBrowse
                                • 104.37.175.232
                                Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                • 104.37.175.232
                                loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                • 191.96.140.127
                                file.exeGet hashmaliciousDarkTortilla, RHADAMANTHYSBrowse
                                • 104.37.175.218
                                file.exeGet hashmaliciousRHADAMANTHYSBrowse
                                • 104.37.175.218
                                doc_1000050408072024.jsGet hashmaliciousRemcosBrowse
                                • 191.101.130.5
                                SLIM00260423 LIM-AMS-BOM.jsGet hashmaliciousRemcosBrowse
                                • 191.101.130.5
                                No context
                                No context
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):65536
                                Entropy (8bit):0.6600620104277182
                                Encrypted:false
                                SSDEEP:96:p4F+fPv7Q3egiqigKJjs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ24:iaDgyHnjxR0apYKjqzuiFeZ24lO8JO
                                MD5:E110220BFD3994BB3E783947BBD07F51
                                SHA1:8BC48605EFE84A379DFDA06CDAB47C28869DD093
                                SHA-256:ACD88480DEDBAAD52F7FC3F14D3FD7386CCDD660799AA16827EA743CE92DFC77
                                SHA-512:5F6EC727F21197528BCD29A34FD3D3281609DA40AD8976AF48780ACA10BFDD2AC0024B27406A5FA8CD065063579EFD6CDEC4B300505EF0F297A193F13F0045C8
                                Malicious:false
                                Reputation:low
                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.7.9.3.6.5.3.6.3.5.0.0.1.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.7.9.3.6.5.4.0.8.8.1.2.9.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.a.b.1.7.8.7.c.-.f.b.a.2.-.4.4.0.b.-.9.0.f.4.-.7.6.a.f.4.a.6.0.1.7.0.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.f.a.4.a.0.7.d.-.a.6.b.8.-.4.7.e.3.-.a.f.2.a.-.0.8.a.8.5.2.f.5.3.8.b.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.5.0.-.0.0.0.1.-.0.0.1.4.-.a.1.a.f.-.0.b.1.0.5.3.4.6.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 13:47:33 2024, 0x1205a4 type
                                Category:dropped
                                Size (bytes):45486
                                Entropy (8bit):1.3235714364716684
                                Encrypted:false
                                SSDEEP:96:5U83CKR3jBySfmHi7i7qLFNq4TkKXm213AdWIZDIgoV:xSvwOgFNq4NXJA3i
                                MD5:1A420B7B70C765CFF9E16911FA627109
                                SHA1:8C9F55A88F79896E3A07C6F570E938D14C070018
                                SHA-256:27EA9FE15D226D7A80BBC57DD928C4C05EB04B606D03E412B442693FB64CC47C
                                SHA-512:67537E4140471FEFEDB257C0BDB8005B69EF3608FF1C373898AA6555184D9C650BD1171B8BBF35C424C5A41057C454E0EF200F9A8D796989F0D4C3FCC234C15A
                                Malicious:false
                                Reputation:low
                                Preview:MDMP..a..... .......u]Pg....................................$...2!..........T.......8...........T.......................................................................................................................eJ..............Lw......................T.......P...r]Pg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):8622
                                Entropy (8bit):3.6933985883466205
                                Encrypted:false
                                SSDEEP:192:R6l7wVeJtbGJ6YEinnvgmfr57vnpD3q89bgunfOgm:R6lXJB46YBnnvgmfrFvBgufQ
                                MD5:DFA055E62986146D98CA2DA63BA07940
                                SHA1:B8D4586EB2607F105C0B09E664804A4823D0EED5
                                SHA-256:E1D7A127E4D87CDD0E4724A500BFB7BE7C8341B4BD3E684841F95376BBCA861C
                                SHA-512:EA391BC8BA520CFA1A2F5D7E7E2A626EFAFC94D9016A0D888BFA8C79EEC813DDC0476AA0FB97EC5E5609149EC341C1D0B57BEC4C32371D1DD64112ABB7C6D176
                                Malicious:false
                                Reputation:low
                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.0.1.6.<./.P.i.
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):4853
                                Entropy (8bit):4.444072168728112
                                Encrypted:false
                                SSDEEP:48:cvIwWl8zsZcJg771I92trWpW8VYQYm8M4Jk5LvM6Fr2oyq8vU5LvMZaMu1Fd:uIjf8I7pta7VYJcjMsWsjMZ1uvd
                                MD5:57A45D5654BF9AF5BF5685AEDEB59DC6
                                SHA1:8228D62E266B169F51858E159E87AA43C99069B4
                                SHA-256:F4495D02B03B301604B479C7C5EF0AC5A170695FBF6BFD106ECDC0A6C5B498A9
                                SHA-512:3A84B908F587274978B0C00AFF3C78025AC9CF29EEEC2DC4BA1B2CA62B3EDFF38D3DF9DF0B965ADFE2D3FC945BED8BD51D9D06FAF197FC09F9C9CFCC8AEA3EEA
                                Malicious:false
                                Reputation:low
                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="616610" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                Process:C:\Users\user\Desktop\wg7SDQAffQ.exe
                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):979567349
                                Entropy (8bit):0.04401546778034151
                                Encrypted:false
                                SSDEEP:
                                MD5:DB5F40E4903ADD9AF87D79430FB5F080
                                SHA1:46365753B316646003892CF1CD47A00BB8C0B108
                                SHA-256:FBF2F8C881B3A13EDFD38407E172E74A1761017287DC259685C80E8634F6696C
                                SHA-512:06F54190617CF7206521AF51EF8101B4309307CB3F00BD2FDE7E5A55A67941A73EB29C386134F2AD19A11B3B29395915937731538968A3BFC078D546FB067A59
                                Malicious:false
                                Reputation:low
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................
                                Process:C:\Windows\System32\WerFault.exe
                                File Type:MS Windows registry file, NT/2000 or above
                                Category:dropped
                                Size (bytes):1835008
                                Entropy (8bit):4.3729954084623905
                                Encrypted:false
                                SSDEEP:6144:jFVfpi6ceLP/9skLmb08yWWSPtaJG8nAge35OlMMhA2AX4WABlguNviL:ZV1qyWWI/glMM6kF7Rq
                                MD5:616E22A6972AD07AECA7EC7FCB15FEE6
                                SHA1:4D522F3C360B888A6BBE5E1A57FBEAE85044FEE0
                                SHA-256:0C72624C6B32102F39E1546723CF4545DDBBF827B5E7233B57BCBE4E758D6F26
                                SHA-512:7C29CFE0E41EE09670FDC411B66BE2637FE8E219C71EE1B50B2DF058505E53ED7DD3ACC6CA735C319E15D51EB49D22B7EFFA3BC8BC1400FDD3455C3F6FDD037C
                                Malicious:false
                                Preview:regfC...C....\.Z.................... ....0......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....SF..............................................................................................................................................................................................................................................................................................................................................c..%........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Entropy (8bit):7.070341376740551
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.40%
                                • InstallShield setup (43055/19) 0.43%
                                • Windows Screen Saver (13104/52) 0.13%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                File name:wg7SDQAffQ.exe
                                File size:2'764'800 bytes
                                MD5:4a73123f397a6b45269dbedb40622967
                                SHA1:12f348c5c9b10548797c0bf8e3098254a69d1a23
                                SHA256:a9ce2c8a98a02f9f90bb4b649a34a5decc294c60f66c2365cd06d4f787343472
                                SHA512:b2144a1c7f15da27330171a66b6772cf71376abe122aca43bb3fe9cec398d19eb9a164a5adc04a57e7dbca998524d6964ec63cef2968f905da44b694062362fd
                                SSDEEP:49152:/VHFXSzmqiDqCbm1gickVsPT1uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuo:/VHFXSzmqsegfkVsBuuuuuuuuuuuuuub
                                TLSH:98D5BF01F29181B1D95236B55263E2F555B2AFF8973B80CF61927F1B3B321E25A33386
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................z.......................z...............#...............................................Rich...................
                                Icon Hash:c5a684988c94a0c5
                                Entrypoint:0x4dc300
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                DLL Characteristics:NO_SEH
                                Time Stamp:0x4310D1EE [Sat Aug 27 20:49:50 2005 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:6cd1955b3508e1b7bae36e00ef841662
                                Instruction
                                sub esp, 44h
                                push esi
                                call dword ptr [0053D228h]
                                mov esi, eax
                                mov al, byte ptr [esi]
                                cmp al, 22h
                                call 00007F8010A209C0h
                                inc esi
                                cmp al, 22h
                                je 00007F8010AD09CAh
                                test al, al
                                jne 00007F8010AD09B6h
                                cmp al, 22h
                                jne 00007F8010AD09D8h
                                inc esi
                                jmp 00007F8010AD09D5h
                                cmp al, 20h
                                jbe 00007F8010AD09D1h
                                lea esp, dword ptr [esp+00000000h]
                                mov al, byte ptr [esi+01h]
                                inc esi
                                cmp al, 20h
                                jnbe 00007F8010AD09BAh
                                mov al, byte ptr [esi]
                                test al, al
                                je 00007F8010AD09D0h
                                mov edi, edi
                                cmp al, 20h
                                jnbe 00007F8010AD09CAh
                                mov al, byte ptr [esi+01h]
                                inc esi
                                test al, al
                                jne 00007F8010AD09B6h
                                lea eax, dword ptr [esp+04h]
                                push eax
                                mov dword ptr [esp+34h], 00000000h
                                call dword ptr [0053D270h]
                                test byte ptr [esp+30h], 00000001h
                                movzx eax, word ptr [esp+34h]
                                jne 00007F8010AD09C7h
                                mov eax, 0000000Ah
                                push eax
                                push esi
                                push 00000000h
                                push 00000000h
                                call dword ptr [0053D224h]
                                push eax
                                call 00007F8010AD05C3h
                                push eax
                                call dword ptr [0053D220h]
                                pop esi
                                int3
                                int3
                                int3
                                int3
                                int3
                                int3
                                movzx edx, byte ptr [ecx+0Dh]
                                xor eax, eax
                                mov ah, byte ptr [ecx+0Fh]
                                mov al, byte ptr [ecx+0Ch]
                                movzx ecx, byte ptr [ecx+0Eh]
                                shl eax, 08h
                                or eax, edx
                                shl eax, 08h
                                or eax, ecx
                                ret
                                int3
                                int3
                                int3
                                int3
                                int3
                                mov eax, ecx
                                mov dword ptr [eax], 00000000h
                                mov dword ptr [eax+04h], 00000000h
                                ret
                                push esi
                                push edi
                                mov esi, ecx
                                call dword ptr [0000D518h]
                                Programming Language:
                                • [ C ] VS2003 (.NET) build 3077
                                • [C++] VS2003 (.NET) build 3077
                                • [RES] VS2003 (.NET) build 3077
                                • [LNK] VS2003 (.NET) build 3077
                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0x152e180x118.rdata
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x2280000x13fca0.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IAT0x13d0000x598.rdata
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x10000x13bc900x13c000a098c7e84ad5a36a04535e1c3b73e500False0.5445657078223892data6.741499573740984IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rdata0x13d0000x17c840x180007985ce6b5d14c95b3d11911cc6832e60False0.5450439453125data6.199908013459288IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .data0x1550000xd29080xe00033ed2020b692083bf67c882b0e6ea252False0.7456926618303571data7.206453493549018IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .rsrc0x2280000x13fca00x14000061b8a08ad3a6c15c0e0aa62db1a850c0False0.4897727966308594data7.030513526341234IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                RT_CURSOR0x2296a80x134dataEnglishUnited States0.275974025974026
                                RT_CURSOR0x2297dc0xb4dataEnglishUnited States0.6444444444444445
                                RT_CURSOR0x2298900x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.39935064935064934
                                RT_CURSOR0x2299c40xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.8944444444444445
                                RT_CURSOR0x229a780x134dataEnglishUnited States0.12012987012987013
                                RT_ICON0x229bac0x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.3225609756097561
                                RT_ICON0x22a2140x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.43951612903225806
                                RT_ICON0x22a4fc0x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States0.4016393442622951
                                RT_ICON0x22a6e40x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.4831081081081081
                                RT_ICON0x22a80c0x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9907192575406032
                                RT_ICON0x22ddec0xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.4584221748400853
                                RT_ICON0x22ec940x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.47382671480144406
                                RT_ICON0x22f53c0x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States0.45564516129032256
                                RT_ICON0x22fc040x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3504335260115607
                                RT_ICON0x23016c0x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.1774390243902439
                                RT_ICON0x2307d40x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.26344086021505375
                                RT_ICON0x230abc0x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.46621621621621623
                                RT_ICON0x230be40xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.5335820895522388
                                RT_ICON0x231a8c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.5478339350180506
                                RT_ICON0x2323340x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.41401734104046245
                                RT_ICON0x23289c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.34865145228215766
                                RT_ICON0x234e440x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.36538461538461536
                                RT_ICON0x235eec0x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.6462765957446809
                                RT_ICON0x2363540x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.27987804878048783
                                RT_ICON0x2369bc0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.40860215053763443
                                RT_ICON0x236ca40x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0EnglishUnited States0.47540983606557374
                                RT_ICON0x236e8c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.5506756756756757
                                RT_ICON0x236fb40xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.4650852878464819
                                RT_ICON0x237e5c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.677797833935018
                                RT_ICON0x2387040x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0EnglishUnited States0.7534562211981567
                                RT_ICON0x238dcc0x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.8034682080924855
                                RT_ICON0x2393340x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.32676348547717843
                                RT_ICON0x23b8dc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.4547373358348968
                                RT_ICON0x23c9840x988Device independent bitmap graphic, 24 x 48 x 32, image size 0EnglishUnited States0.5823770491803278
                                RT_ICON0x23d30c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.600177304964539
                                RT_ICON0x23d7740x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.07868508221933042
                                RT_ICON0x24df9c0x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.15114568005045195
                                RT_ICON0x2574440x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 26560EnglishUnited States0.1543233082706767
                                RT_ICON0x25dc2c0x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.175184842883549
                                RT_ICON0x2630b40x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.15948275862068967
                                RT_ICON0x2672dc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.24107883817427386
                                RT_ICON0x2698840x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.2678236397748593
                                RT_ICON0x26a92c0x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.37459016393442623
                                RT_ICON0x26b2b40x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.42819148936170215
                                RT_MENU0x26b71c0x280dataChineseTaiwan0.55
                                RT_MENU0x26b99c0x350dataGermanGermany0.46226415094339623
                                RT_MENU0x26bcec0x2f2dataEnglishUnited States0.46419098143236076
                                RT_MENU0x26bfe00x34cdataFrenchFrance0.45260663507109006
                                RT_MENU0x26c32c0x356dataItalianItaly0.4601873536299766
                                RT_MENU0x26c6840x2c0dataJapaneseJapan0.5539772727272727
                                RT_MENU0x26c9440x2c4dataKoreanNorth Korea0.5706214689265536
                                RT_MENU0x26c9440x2c4dataKoreanSouth Korea0.5706214689265536
                                RT_MENU0x26cc080x286dataChineseChina0.5479876160990712
                                RT_MENU0x26ce900x336data0.46228710462287104
                                RT_MENU0x26d1c80x116dataChineseTaiwan0.7086330935251799
                                RT_MENU0x26d2e00x20adataGermanGermany0.5268199233716475
                                RT_MENU0x26d4ec0x1d2dataEnglishUnited States0.5343347639484979
                                RT_MENU0x26d6c00x220dataFrenchFrance0.5055147058823529
                                RT_MENU0x26d8e00x1fedataItalianItaly0.515686274509804
                                RT_MENU0x26dae00x146dataJapaneseJapan0.7239263803680982
                                RT_MENU0x26dc280x144dataKoreanNorth Korea0.7253086419753086
                                RT_MENU0x26dc280x144dataKoreanSouth Korea0.7253086419753086
                                RT_MENU0x26dd6c0x12edataChineseChina0.7019867549668874
                                RT_MENU0x26de9c0x1f4data0.536
                                RT_MENU0x26e0900x6adataChineseTaiwan0.7452830188679245
                                RT_MENU0x26e0fc0x9cdataGermanGermany0.7115384615384616
                                RT_MENU0x26e1980x70dataEnglishUnited States0.75
                                RT_MENU0x26e2080x90dataFrenchFrance0.6805555555555556
                                RT_MENU0x26e2980x88dataItalianItaly0.7205882352941176
                                RT_MENU0x26e3200x78dataJapaneseJapan0.75
                                RT_MENU0x26e3980x78dataKoreanNorth Korea0.7833333333333333
                                RT_MENU0x26e3980x78dataKoreanSouth Korea0.7833333333333333
                                RT_MENU0x26e4100x6adataChineseChina0.7452830188679245
                                RT_MENU0x26e47c0x8cdata0.6857142857142857
                                RT_MENU0x26e5080x22dataChineseTaiwan1.1764705882352942
                                RT_MENU0x26e52c0x4adataGermanGermany0.8378378378378378
                                RT_MENU0x26e5780x34dataEnglishUnited States1.0
                                RT_MENU0x26e5ac0x3edataFrenchFrance0.9193548387096774
                                RT_MENU0x26e5ec0x42dataItalianItaly0.9545454545454546
                                RT_MENU0x26e6300x28dataJapaneseJapan1.125
                                RT_MENU0x26e6580x24dataKoreanNorth Korea1.1944444444444444
                                RT_MENU0x26e6580x24dataKoreanSouth Korea1.1944444444444444
                                RT_MENU0x26e67c0x22dataChineseChina1.1764705882352942
                                RT_MENU0x26e6a00x3cdata1.0166666666666666
                                RT_DIALOG0x26e6dc0x1a6dataChineseTaiwan0.5284360189573459
                                RT_DIALOG0x26e8840x1a6dataGermanGermany0.523696682464455
                                RT_DIALOG0x26ea2c0x1a6dataEnglishUnited States0.523696682464455
                                RT_DIALOG0x26ebd40x1a6dataFrenchFrance0.523696682464455
                                RT_DIALOG0x26ed7c0x1a6dataItalianItaly0.523696682464455
                                RT_DIALOG0x26ef240x19edataJapaneseJapan0.538647342995169
                                RT_DIALOG0x26f0c40x1a6dataKoreanNorth Korea0.5284360189573459
                                RT_DIALOG0x26f0c40x1a6dataKoreanSouth Korea0.5284360189573459
                                RT_DIALOG0x26f26c0x1a6dataChineseChina0.5260663507109005
                                RT_DIALOG0x26f4140x1aedata0.5302325581395348
                                RT_DIALOG0x26f5c40x140dataChineseTaiwan0.70625
                                RT_DIALOG0x26f7040x1d8dataGermanGermany0.5614406779661016
                                RT_DIALOG0x26f8dc0x1cadataEnglishUnited States0.5633187772925764
                                RT_DIALOG0x26faa80x1bcdataFrenchFrance0.5968468468468469
                                RT_DIALOG0x26fc640x18cdataItalianItaly0.6035353535353535
                                RT_DIALOG0x26fdf00x162dataJapaneseJapan0.7457627118644068
                                RT_DIALOG0x26ff540x144dataKoreanNorth Korea0.7376543209876543
                                RT_DIALOG0x26ff540x144dataKoreanSouth Korea0.7376543209876543
                                RT_DIALOG0x2700980x138dataChineseChina0.6987179487179487
                                RT_DIALOG0x2701d00x1cedata0.5757575757575758
                                RT_DIALOG0x2703a00x2cadataChineseTaiwan0.5714285714285714
                                RT_DIALOG0x27066c0x4cedataGermanGermany0.4056910569105691
                                RT_DIALOG0x270b3c0x448dataEnglishUnited States0.39507299270072993
                                RT_DIALOG0x270f840x4f8dataFrenchFrance0.3977987421383648
                                RT_DIALOG0x27147c0x49cdataItalianItaly0.38813559322033897
                                RT_DIALOG0x2719180x34edataJapaneseJapan0.5721040189125296
                                RT_DIALOG0x271c680x32edataKoreanNorth Korea0.5675675675675675
                                RT_DIALOG0x271c680x32edataKoreanSouth Korea0.5675675675675675
                                RT_DIALOG0x271f980x2c2dataChineseChina0.5722379603399433
                                RT_DIALOG0x27225c0x48edata0.3936535162950257
                                RT_STRING0x2726ec0xeedataChineseTaiwan0.5378151260504201
                                RT_STRING0x2727dc0x10adataGermanGermany0.5225563909774437
                                RT_STRING0x2728e80x104dataEnglishUnited States0.5076923076923077
                                RT_STRING0x2729ec0x116dataFrenchFrance0.5215827338129496
                                RT_STRING0x272b040x10cdataItalianItaly0.5111940298507462
                                RT_STRING0x272c100xfcdataJapaneseJapan0.5674603174603174
                                RT_STRING0x272d0c0xf0dataKoreanNorth Korea0.5625
                                RT_STRING0x272d0c0xf0dataKoreanSouth Korea0.5625
                                RT_STRING0x272dfc0xeedataChineseChina0.542016806722689
                                RT_STRING0x272eec0x116data0.5179856115107914
                                RT_STRING0x2730040xdeMatlab v4 mat-file (little endian) Gr-N\011g, numeric, rows 0, columns 0ChineseTaiwan0.6891891891891891
                                RT_STRING0x2730e40x204Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0GermanGermany0.4573643410852713
                                RT_STRING0x2732e80x1aaMatlab v4 mat-file (little endian) , numeric, rows 0, columns 0EnglishUnited States0.4624413145539906
                                RT_STRING0x2734940x20aMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0FrenchFrance0.4521072796934866
                                RT_STRING0x2736a00x1acMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0ItalianItaly0.4532710280373832
                                RT_STRING0x27384c0x116Matlab v4 mat-file (little endian) \3740\3230\3740\205Qn0\2710\2570\3520\3270\3100L0\237S\340Vg0 , numeric, rows 0, columns 0JapaneseJapan0.6438848920863309
                                RT_STRING0x2739640x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanNorth Korea0.796875
                                RT_STRING0x2739640x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanSouth Korea0.796875
                                RT_STRING0x273a640xe0Matlab v4 mat-file (little endian) Gr-N\204v\320g*N\032\201,g\374[\364\201 , numeric, rows 0, columns 0ChineseChina0.6696428571428571
                                RT_STRING0x273b440x1a8Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 00.5070754716981132
                                RT_STRING0x273cec0x56Matlab v4 mat-file (little endian) \326S\201\211, numeric, rows 0, columns 0ChineseTaiwan0.5348837209302325
                                RT_STRING0x273d440x110Matlab v4 mat-file (little endian) \344, numeric, rows 0, columns 0GermanGermany0.41544117647058826
                                RT_STRING0x273e540xcaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0EnglishUnited States0.45544554455445546
                                RT_STRING0x273f200x106Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0FrenchFrance0.44274809160305345
                                RT_STRING0x2740280xfaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0ItalianItaly0.384
                                RT_STRING0x2741240x8eMatlab v4 mat-file (little endian) \2420\3030\3270\3550\3740\3110Y0\2130\3250\2410\2440\3530\2220x\220\236bW0~0Y0 , numeric, rows 0, columns 0JapaneseJapan0.5
                                RT_STRING0x2741b40x7cdataKoreanNorth Korea0.6290322580645161
                                RT_STRING0x2741b40x7cdataKoreanSouth Korea0.6290322580645161
                                RT_STRING0x2742300x5cMatlab v4 mat-file (little endian) \351b\201\211, numeric, rows 0, columns 0ChineseChina0.4891304347826087
                                RT_STRING0x27428c0x138Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 00.4166666666666667
                                RT_STRING0x2743c40x52dataChineseTaiwan0.8536585365853658
                                RT_STRING0x2744180xaadataGermanGermany0.6
                                RT_STRING0x2744c40x98dataEnglishUnited States0.6052631578947368
                                RT_STRING0x27455c0xd6dataFrenchFrance0.5373831775700935
                                RT_STRING0x2746340xaadataItalianItaly0.5764705882352941
                                RT_STRING0x2746e00x70dataJapaneseJapan0.7857142857142857
                                RT_STRING0x2747500x58dataKoreanNorth Korea0.8977272727272727
                                RT_STRING0x2747500x58dataKoreanSouth Korea0.8977272727272727
                                RT_STRING0x2747a80x52dataChineseChina0.8048780487804879
                                RT_STRING0x2747fc0xc8data0.54
                                RT_ACCELERATOR0x2748c40x80dataEnglishUnited States0.6875
                                RT_GROUP_CURSOR0x2749440x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                RT_GROUP_CURSOR0x2749680x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0
                                RT_GROUP_CURSOR0x27498c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                RT_GROUP_ICON0x2749a00x102dataEnglishUnited States0.6046511627906976
                                RT_GROUP_ICON0x274aa40xaedataEnglishUnited States0.6206896551724138
                                RT_GROUP_ICON0x274b540x84dataEnglishUnited States0.6363636363636364
                                RT_VERSION0x274bd80x3c4dataEnglishUnited States0.4221991701244813
                                RT_DLGINCLUDE0x274f9c0x6dc36PC bitmap, Windows 3.x format, 56415 x 2 x 37, image size 449922, cbSize 449590, bits offset 540.6995551502480037
                                RT_ANIICON0x2e2bd40xe52ePC bitmap, Windows 3.x format, 7462 x 2 x 45, image size 58788, cbSize 58670, bits offset 540.3828532469746037
                                RT_ANIICON0x2f11040xadb5PC bitmap, Windows 3.x format, 6091 x 2 x 54, image size 44877, cbSize 44469, bits offset 540.3292181069958848
                                RT_ANIICON0x2fbebc0xc408PC bitmap, Windows 3.x format, 6487 x 2 x 36, image size 50833, cbSize 50184, bits offset 540.3397895743663319
                                RT_ANIICON0x3082c40x3251cPC bitmap, Windows 3.x format, 26260 x 2 x 36, image size 206180, cbSize 206108, bits offset 540.4970597938944631
                                RT_ANIICON0x33a7e00x2d4bfPC bitmap, Windows 3.x format, 23999 x 2 x 52, image size 185728, cbSize 185535, bits offset 540.4973832430538712
                                DLLImport
                                WSOCK32.dllsetsockopt, gethostbyname, htonl, ioctlsocket, htons, WSAStartup, ntohl, WSACleanup
                                WININET.dllHttpQueryInfoA
                                CRYPT32.dllCertFreeCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
                                VERSION.dllGetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
                                WINMM.dllwaveInStop, waveInAddBuffer, waveInStart, waveInGetNumDevs, waveOutGetNumDevs, waveInClose, waveOutGetDevCapsA, waveOutPrepareHeader, waveOutWrite, waveOutReset, waveOutUnprepareHeader, waveInReset, waveInUnprepareHeader, waveInPrepareHeader, waveInOpen, waveInGetDevCapsA, timeGetTime, waveOutClose, waveOutOpen, timeKillEvent, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeEndPeriod
                                KERNEL32.dllGetSystemInfo, GetUserDefaultLangID, ExitThread, GlobalFree, GetFileAttributesA, GetFileAttributesW, LockResource, LoadResource, FindResourceExA, FindResourceExW, GlobalAlloc, CreateThread, GetTimeZoneInformation, GetSystemTime, SystemTimeToFileTime, DeleteFileA, DeleteFileW, MoveFileA, VirtualQuery, RemoveDirectoryA, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, ReadFile, WriteFile, GetTempFileNameA, GetTempPathA, GetTempFileNameW, GetTempPathW, SetFilePointer, GetFileSize, GetFileAttributesExA, GetFileAttributesExW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindClose, GetSystemDirectoryA, GetModuleFileNameA, MoveFileExA, CreateMutexA, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WaitForSingleObject, WideCharToMultiByte, GlobalUnlock, GlobalLock, IsDBCSLeadByteEx, lstrlenA, SetEndOfFile, CopyFileA, CopyFileW, GetModuleFileNameW, GetCommandLineW, ExitProcess, GetModuleHandleA, GetCommandLineA, GetProcessTimes, GetCurrentProcess, CreateEventA, SetEvent, TlsAlloc, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, ResetEvent, WaitForMultipleObjects, VirtualFree, VirtualAlloc, GetThreadPriority, GetCurrentThread, GetSystemDefaultLangID, FreeLibrary, GetLastError, GetStartupInfoA, CreateProcessA, CloseHandle, LCMapStringW, LCMapStringA, GetTickCount, GetCurrentThreadId, GetLocaleInfoA, SetErrorMode, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, QueryPerformanceFrequency, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, GetVersionExA, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapAlloc, GetProcessHeap, MoveFileW, HeapFree
                                USER32.dllGetSubMenu, LoadMenuA, SetTimer, KillTimer, GetClientRect, ScreenToClient, GetCursorPos, SetCursor, LoadCursorA, EndPaint, BeginPaint, GetMenu, DestroyWindow, GetFocus, WindowFromPoint, GetCapture, ReleaseCapture, SetCapture, TrackPopupMenu, ClientToScreen, DeleteMenu, GetMenuItemID, IsWindow, DefWindowProcA, GetWindowLongA, CreateWindowExA, RegisterClipboardFormatA, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, SetClipboardData, EmptyClipboard, InsertMenuA, InsertMenuW, RemoveMenu, GetWindow, UnregisterClassA, LoadStringW, MoveWindow, SetMenu, UpdateWindow, ShowWindow, SetDlgItemTextA, SetDlgItemTextW, EnableWindow, GetDlgItemTextA, GetWindowTextLengthA, DestroyMenu, GetWindowTextLengthW, PostQuitMessage, GetMenuStringA, GetMenuStringW, RegisterClassA, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, PostThreadMessageA, GetQueueStatus, PeekMessageA, MsgWaitForMultipleObjects, RegisterWindowMessageA, SystemParametersInfoA, DialogBoxIndirectParamW, DialogBoxIndirectParamA, PostMessageA, EndDialog, SetWindowLongA, GetParent, GetWindowRect, GetDesktopWindow, SetWindowPos, LoadIconA, GetDlgItem, SendMessageA, SetWindowTextA, SetFocus, GetMenuItemCount, GetMenuItemInfoA, GetSystemMetrics, InsertMenuItemA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, SendInput, GetKeyboardLayout, GetDC, ReleaseDC, GetDoubleClickTime, LoadStringA, EnableMenuItem, CheckMenuItem, InvalidateRect, WaitForInputIdle, MapVirtualKeyA, FillRect, GetKeyState, DialogBoxParamW, DialogBoxParamA, GetDlgItemTextW, MessageBoxA
                                GDI32.dllGetTextMetricsA, GetClipRgn, SetTextColor, ExtTextOutW, ExtTextOutA, CreateRectRgn, GetTextAlign, GetBkMode, GetTextColor, EnumFontFamiliesA, SetTextCharacterExtra, BeginPath, EndPage, DPtoLP, FillPath, ExtCreatePen, StrokePath, EndDoc, StartDocA, LPtoDP, CreateSolidBrush, GetClipBox, GetSystemPaletteEntries, CreatePalette, GetTextExtentPoint32A, CreatePen, GetBkColor, SetBkColor, GetCurrentObject, GetTextExtentPoint32W, EndPath, SetPolyFillMode, MoveToEx, LineTo, PolyBezierTo, SelectClipPath, SaveDC, RestoreDC, GdiFlush, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, CreateCompatibleBitmap, GetObjectA, CreateCompatibleDC, DeleteDC, CreateDIBSection, GetDeviceCaps, BitBlt, RealizePalette, SelectPalette, GetStockObject, CreateFontIndirectA, SetBkMode, SetTextAlign, IntersectClipRect, SelectClipRgn, StartPage
                                comdlg32.dllGetOpenFileNameA, PrintDlgA, GetOpenFileNameW, GetSaveFileNameW, CommDlgExtendedError, GetSaveFileNameA
                                ADVAPI32.dllRegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, RegSetValueExA, RegCreateKeyA, RegSetValueA
                                SHELL32.dllDragQueryFileA, DragAcceptFiles, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHAppBarMessage, DragQueryFileW
                                ole32.dllCoTaskMemAlloc, CoFreeUnusedLibraries, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree
                                Language of compilation systemCountry where language is spokenMap
                                EnglishUnited States
                                ChineseTaiwan
                                GermanGermany
                                FrenchFrance
                                ItalianItaly
                                JapaneseJapan
                                KoreanNorth Korea
                                KoreanSouth Korea
                                ChineseChina
                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                2024-12-04T14:47:25.325701+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2217575192.168.2.849707TCP
                                TimestampSource PortDest PortSource IPDest IP
                                Dec 4, 2024 14:47:23.918215036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:24.038059950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:24.038136959 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:24.038335085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:24.162285089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.196151018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.199754000 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:25.325700998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.580688000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.601226091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:25.721401930 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.973186016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.973304987 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.973318100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.973368883 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:25.973964930 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.973978043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.974031925 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:25.975177050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.975208998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.975238085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:25.975888014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.975935936 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:25.982006073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.982086897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.982150078 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:25.989959955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.990127087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:25.990178108 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.093714952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.165354967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.165430069 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.165455103 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.169166088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.169342995 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.169373989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.177330017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.177387953 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.177560091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.185417891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.185472965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.185604095 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.193629980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.193696022 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.193742990 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.201172113 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.201236963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.201339960 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.209157944 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.209217072 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.209297895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.217230082 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.217308044 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.217340946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.225821972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.225959063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.226008892 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.233155012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.233242989 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.233350992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.241755009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.241839886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.242027998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.282258987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.285953999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.286068916 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.286171913 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.289788008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.391503096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.391622066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.391683102 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.395034075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.395083904 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.396502972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.396661043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.396696091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.404329062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.404561043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.404608965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.413072109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.413268089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.413311005 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.421132088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.421363115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.421401024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.429536104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.429780006 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.429827929 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.434422970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.434593916 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.434884071 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.437963963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.438183069 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.438230038 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.441735029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.441965103 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.442015886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.444751024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.444894075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.444936037 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.448400021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.448568106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.448611021 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.452203989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.452353954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.452481031 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.456002951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.456250906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.456295013 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.459597111 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.459801912 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.459852934 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.462905884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.463047981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.463102102 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.465938091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.466125965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.466341972 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.470736980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.471036911 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.471071959 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.474028111 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.474201918 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.474246979 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.477637053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.477845907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.477894068 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.512123108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.512228012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.512317896 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.513570070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.513827085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.513864994 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.517230988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.613472939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.613527060 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.613641977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.615128994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.615200996 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.615263939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.619107008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.619153976 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.619843006 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.620027065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.620074987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.623156071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.623382092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.623445034 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.627346039 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.627541065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.627629042 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.630920887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.631100893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.631249905 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.633749962 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.633936882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.633976936 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.637095928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.637257099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.637296915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.640357018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.640624046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.640664101 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.642172098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.642318010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.642353058 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.644419909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.644572020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.644613981 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.646414995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.646675110 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.646823883 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.648453951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.648641109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.648683071 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.650518894 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.650672913 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.652623892 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.652690887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.652793884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.653019905 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.654829979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.656341076 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.656384945 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.656826973 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.657084942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.657133102 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.658902884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.659082890 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.659128904 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.660998106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.661159992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.661443949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.663077116 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.663260937 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.663306952 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.665126085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.665402889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.665445089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.667212963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.667391062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.667443037 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.669333935 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.669522047 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.669606924 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.671428919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.671622038 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.671660900 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.673568010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.673827887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.673868895 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.676254034 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.676456928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.676502943 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.678570032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.678852081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.678905964 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.680995941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.681118965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.681188107 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.682955980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.683191061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.684792995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.684849024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.685087919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.685571909 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.686623096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.686809063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.686841965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.688549995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.688700914 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.688738108 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.690850973 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.691123962 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.692996025 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.693044901 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.693205118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.694966078 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.695022106 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.695113897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.695152998 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.697287083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.697357893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.697406054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.825498104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.825572968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.825663090 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.826201916 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.826386929 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.826441050 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.827925920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.828176022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.829015970 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.829730988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.829852104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.831434965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.831480980 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.831615925 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.833009958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.833189964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.833353996 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.833395958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.834861040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.835067034 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.835108995 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.836666107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.836796999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.836853981 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.838361979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.838625908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.838673115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.840214014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.840430975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.840472937 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.841845036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.842003107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.842061043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.843602896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.843795061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.845014095 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.845386028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.845557928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.847114086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.847160101 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.847243071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.847949028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.848788977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.848967075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.849010944 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.850543976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.850759983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.850863934 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.852401018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.852665901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.852895021 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.854011059 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.854336023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.854379892 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.855729103 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.855901003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.855937958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.857501984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.857625008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.857664108 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.859164000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.859338045 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.859390020 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.860968113 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.861112118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.861347914 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.862622976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.862809896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.862844944 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.864406109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.864592075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.864628077 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.866141081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.866323948 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.868038893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.868083954 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.868355989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.869019985 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.869698048 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.869837999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.869889021 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.871380091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.871567011 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.871603966 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.873131037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.873307943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.873356104 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.874965906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.875144005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.875184059 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.876647949 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.876840115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.876890898 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.878357887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.878494978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.878539085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.880086899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.880250931 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.880307913 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.881752968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.881947041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.881983995 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.883472919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.883692026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.883725882 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.885262966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.885550022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.885588884 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.887022018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.887228966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.887274027 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.888735056 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.888973951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.889018059 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.891230106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.891398907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.892842054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.892888069 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.893049955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.894412994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.894453049 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.894591093 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.894625902 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.896190882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.896290064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.896331072 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.898015976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.898332119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.898379087 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.899730921 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.899904966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.899980068 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.901323080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.901578903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.901618958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.902687073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.902857065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.902899027 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.904390097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.904557943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.905015945 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.906174898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.906333923 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.906418085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.907784939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.907980919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.908013105 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.909693956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.909815073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.911252022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.911310911 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.911571026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:26.913037062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:26.913213015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.005115986 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.070137978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.070357084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.070446968 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.071365118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.071389914 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.071453094 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.072293043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.072381020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.072422028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.073568106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.073725939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.073761940 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.075079918 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.075540066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.075578928 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.076687098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.076898098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.076935053 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.078071117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.078268051 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.078330040 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.079746008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.079936981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.079999924 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.080957890 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.081185102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.081233978 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.082664967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.082798004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.082845926 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.083926916 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.084263086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.084310055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.085315943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.085534096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.086889982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.086950064 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.087119102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.088320971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.088375092 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.088545084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.088588953 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.089442015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.089605093 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.089652061 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.090744019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.091116905 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.091219902 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.092155933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.092291117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.092325926 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.093305111 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.093441963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.093764067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.094551086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.094748020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.094815016 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.095812082 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.096035004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.096086025 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.097274065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.097434044 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.097470045 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.098665953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.098874092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.098938942 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.100177050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.100326061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.100375891 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.101763010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.101917028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.102103949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.103260040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.103471041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.103544950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.104773045 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.104954958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.105024099 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.106739044 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.106889009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.107892990 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.107932091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.108100891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.108138084 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.109400034 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.109647989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.109718084 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.110796928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.111067057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.111227036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.112754107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.112859964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.112983942 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.113801003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.113991976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.114995003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.115058899 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.115088940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.116333961 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.116374016 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.116575003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.116616964 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.117702007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.117930889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.117985010 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.119390011 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.119555950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.119597912 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.120925903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.121225119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.121259928 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.122167110 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.122327089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.122364044 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.123342991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.123435020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.124852896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.124895096 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.124974012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.125292063 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.126326084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.126487017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.126522064 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.127599001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.127742052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.127788067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.128726959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.128880978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.129015923 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.130008936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.130168915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.130227089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.131493092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.131660938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.131706953 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.132869005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.133011103 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.133054972 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.134310007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.134533882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.134577036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.135667086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.135878086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.135986090 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.137121916 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.137382030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.137420893 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.138540030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.138751984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.138858080 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.140011072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.140325069 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.140362024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.141359091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.141568899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.141622066 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.142935991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.143066883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.143110037 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.144426107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.262125015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.262218952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.262290001 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.262672901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.263092041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.263142109 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.263209105 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.263257027 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.264786005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.264921904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.265012980 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.266168118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.266180992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.266350985 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.267558098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.267704010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.267787933 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.268831015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.269052982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.269098997 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.270375013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.270637035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.270759106 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.272125959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.272273064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.272320986 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.273513079 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.273804903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.273850918 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.274784088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.274945974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.275181055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.276192904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.276412010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.276952982 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.277740955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.277867079 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.277910948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.279165983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.279328108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.279369116 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.280935049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.280947924 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.280976057 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.282166004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.282289982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.282337904 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.283571005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.283759117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.283802032 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.284961939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.285284996 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.285332918 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.286911011 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.287028074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.287077904 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.288284063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.288491964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.288543940 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.289659977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.289779902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.289823055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.290812969 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.290944099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.291989088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.292052031 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.292121887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.293030024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.293169975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.293313980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.293354988 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.294943094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.294958115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.295069933 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.296190023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.296341896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.296380043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.297663927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.297822952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.297872066 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.299079895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.299218893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.299271107 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.300329924 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.300496101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.301034927 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.301747084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.301947117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.302153111 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.303164959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.303366899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.303420067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.304655075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.304789066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.304842949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.306087017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.306478977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.306683064 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.307751894 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.308036089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.308449984 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.309386015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.309525013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.310739040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.310790062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.310921907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.312304974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.312355995 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.312508106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.312546968 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.313616991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.313865900 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.313915968 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.314946890 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.315114021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.315725088 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.316154003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.316296101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.316334963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.317503929 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.317678928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.317734957 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.319058895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.319288015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.319325924 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.320641994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.320815086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.320859909 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.322124004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.322360039 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.322408915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.323800087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.324018002 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.324063063 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.325280905 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.325467110 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.325506926 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.326992989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.327186108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.327233076 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.328397036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.328593016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.329026937 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.329829931 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.330070972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.331516981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.331567049 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.331705093 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.332334042 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.332811117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.332974911 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.333031893 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.334356070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.334635019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.335789919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.335839033 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.336011887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.336054087 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.337332010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.337439060 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.337480068 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565160036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565185070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565195084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565207005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565217972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565224886 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565254927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565254927 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565254927 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565268040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565274954 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565278053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565290928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565299034 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565300941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565313101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565341949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565342903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565356016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565366030 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565366983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565378904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565390110 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565408945 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565408945 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565422058 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565432072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565443039 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565465927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565466881 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565478086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565501928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565505981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565506935 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565525055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565543890 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565556049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565557957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565562010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565567017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565592051 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565607071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565627098 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565630913 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565642118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565653086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565655947 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565664053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565686941 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565691948 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565702915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565712929 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565718889 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565723896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565736055 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565747976 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565749884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565782070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565782070 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565793037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565802097 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565804958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565814972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565821886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565845013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565849066 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565855980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565866947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565876961 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565887928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565897942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565902948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565927029 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565932989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565943956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565943956 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565954924 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565964937 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565974951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.565975904 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.565988064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566004038 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566013098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566028118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566032887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566036940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566039085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566041946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566047907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566072941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566081047 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566085100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566092014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566102982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566109896 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566114902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566124916 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566131115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566149950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566153049 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566158056 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566160917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566170931 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566181898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566190958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566194057 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566201925 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566211939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566220999 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566221952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566232920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566239119 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566243887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566253901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566265106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566268921 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566276073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566287994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566298008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566299915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566308975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566318035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566329956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566334963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566339970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566349983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566356897 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566359997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566370964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566373110 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566380024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566390991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566392899 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566401005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566411972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566412926 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566421986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566426992 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566432953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566443920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566451073 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566453934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566463947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566478014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566478014 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566488028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566498995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566499949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566509008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566513062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566519976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566529036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566531897 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566540003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566550016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566555023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566560030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.566581011 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.566593885 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.569324017 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.569374084 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.646486998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.646640062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.646717072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.646742105 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.647113085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.647156954 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.648308039 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.648509026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.648556948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.649219036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.649370909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.649471045 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.650232077 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.650429964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.650484085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.651738882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.651972055 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.653023958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.653079033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.653266907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.653311014 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.654786110 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.654932976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.654985905 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.655788898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.656076908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.657027006 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.657033920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.657391071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.658453941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.658499002 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.658571959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.659653902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.659698963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.659919977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.661030054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.673531055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.673563957 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.684380054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.684752941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.684765100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.684775114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.684802055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.684827089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.685636997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.685647964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.685683966 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.686434031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.686445951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.686479092 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.687382936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.687393904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.687426090 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.688359022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.688370943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.688376904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.688421965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.689328909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.689341068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.689366102 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.690138102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.690150023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.690186977 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.691097021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.691108942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.691142082 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.692080021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.692090988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.692121029 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.693056107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.693068981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.693078041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.693156958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.693984032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.693994999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.694080114 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.694905043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.694916964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.694952965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.695708036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.695719957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.695775032 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.696614981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.696626902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.696636915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.696659088 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.697561026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.697571993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.697609901 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.698472023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.698483944 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.698563099 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.699398041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.699410915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.699451923 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.700383902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.700396061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.700424910 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.701348066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.702255011 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.702266932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.702299118 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.702322006 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.703142881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.703155994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.703191042 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.705163956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.705177069 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.705223083 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.705931902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.705945015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.705955029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.705986977 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.706820965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.706860065 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.707815886 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.708708048 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.708719969 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.708750963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.709695101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.710653067 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.710664988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.710691929 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.710724115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.711509943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.711522102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.711569071 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.712363005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.712388992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.712424994 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.714235067 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.714246988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.714257002 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.714287043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.715195894 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.716217995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.716263056 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.717071056 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.717082024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.717123032 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.717962980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.718060970 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.719243050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.719254017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.719299078 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.720861912 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.720874071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.720912933 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.721695900 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.721707106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.721750975 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.722635984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.723519087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.723551989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.723562002 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.724663019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.725019932 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.725584984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.726553917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.727395058 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.727406979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.727473974 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.773627043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.776881933 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.838804007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.839063883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.839551926 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.839596987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.839680910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.839720011 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.840039015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.840379000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.840415001 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.840862036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.841350079 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.841613054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.841672897 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.842312098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.842349052 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.842705965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.843637943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.843689919 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.843844891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.844286919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.844558001 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.844734907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.845355988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.845458031 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.845458031 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.845752001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.846374035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.846626997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.846671104 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.847332954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.847428083 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.847551107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.848211050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.848382950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.848525047 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.849133015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.849206924 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.849354982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.850111008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.850152969 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.850326061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.851068974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.851114035 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.851238012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.851238012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.851294041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.852036953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.852076054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.852308989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.853048086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.853101969 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.853241920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.854208946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.854243040 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.854419947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.854974031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.855024099 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.855279922 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.855421066 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.855432034 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.855952978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.856009960 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.856142998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.856906891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.857028008 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.857141018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.857907057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.857944012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.858033895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.858845949 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.858880997 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.859085083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.859976053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.860018015 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.860109091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.860452890 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.860452890 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.860995054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.861079931 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.861397982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.861808062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.861859083 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.862171888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.862728119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.862843037 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.862976074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.863758087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.863843918 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.863923073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.864690065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.864725113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.864905119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.865680933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.865875959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.865962982 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.866759062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.866996050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.867038012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.867686033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.867909908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.867954969 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.868712902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.868767023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.868890047 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.869579077 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.869860888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.869914055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.870532990 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.870816946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.870873928 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.871332884 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.871440887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.871488094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.871545076 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.871732950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.872453928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.872494936 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.872659922 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.873444080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.873634100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.873681068 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.874396086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.874653101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.874733925 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.875408888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.875463009 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.875564098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.876327991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.876370907 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.876544952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.877384901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.877604961 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.877677917 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.878473997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.878679037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.878753901 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.879347086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.879401922 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.879498959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.880312920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.880357027 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.880583048 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.881191015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.881232023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.881412983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.882210016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.882261038 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.882458925 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.883172035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.883213043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.883378983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.884268045 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.884692907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.884746075 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.886691093 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.886703968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.886750937 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.887507915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.887520075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.887546062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.888288975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.888302088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.888340950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.889106035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.889130116 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.889183998 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.890204906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.890218973 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:27.890284061 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.926172972 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:27.926194906 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.030853033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.031101942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.031539917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.031676054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.031924963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.032430887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.032470942 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.032800913 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.033318043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.033377886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.033586979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.033633947 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.033894062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.034564972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.034625053 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.034789085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.035553932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.035801888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.035845041 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.036545038 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.036775112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.036868095 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.037537098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.037585974 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.037715912 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.038605928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.038733006 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.038789988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.039470911 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.039762020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.039828062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.040427923 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.040621042 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.040678024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.041363955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.041412115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.041698933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.042382956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.042432070 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.042584896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.043308020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.043664932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.043730021 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.044313908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.044529915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.044579029 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.045275927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.045356035 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.045511961 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.046238899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.046298027 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.046452045 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.047229052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.047437906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.047518969 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.048171997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.048439026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.048490047 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.049241066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.049617052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.049664974 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.050635099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.050929070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.050982952 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.051589966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.051810026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.051881075 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.052464008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.052556038 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.052696943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.053316116 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.053520918 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.053567886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.054241896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.054450035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.054500103 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.055365086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.055567980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.055614948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.056283951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.056368113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.056452036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.057312012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.057570934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.057622910 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.058254004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.058305979 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.058429956 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.058439016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.058518887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.059176922 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.059387922 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.059425116 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.060098886 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.060317039 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.060342073 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.061014891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.061079979 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.061187029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.061822891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.061876059 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.062031984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.062868118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.063004017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.063071012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.063738108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.063960075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.064034939 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.064713001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.064938068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.064984083 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.065668106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.065920115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.066000938 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.066643000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.066884041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.066931963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.067639112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.067856073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.067979097 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.068706989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.068769932 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.068903923 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.069556952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.069668055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.069781065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.070545912 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.070637941 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.070777893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.071669102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.071712017 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.071908951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.072602987 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.072756052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.072802067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.073471069 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.073561907 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.073834896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.074500084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.074544907 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.074676991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.075453043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.075640917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.075700998 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.076493979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.076725006 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.076862097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.077349901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.077399969 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.077694893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.078358889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.078538895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.078608036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.079301119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.079340935 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.079778910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.080324888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.080509901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.080578089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.081290960 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.081370115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.081450939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.096601009 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.142896891 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.246927023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.247033119 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.247137070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.248883963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.248943090 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.249099016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.249114037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.249202013 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.249927998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.250369072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.250380993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.250498056 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.251005888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.251056910 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.251485109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.251502991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.251559973 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.252269030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.252281904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.252326012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.253212929 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.253633022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.253669977 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.254118919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.254127026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.254225016 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.254838943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.255179882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.255250931 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.255712986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.256217957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.256266117 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.256716967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.257250071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.257328987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.257709026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.257989883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.258047104 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.258497000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.258661032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.258728027 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.259416103 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.259731054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.259778976 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.260288954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.260548115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.260660887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.261271000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.261478901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.261535883 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.262232065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.262465000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.262530088 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.263197899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.263434887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.263489008 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.264235973 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.264395952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.264470100 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.265197039 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.265396118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.265460968 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.266253948 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.266499996 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.266601086 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.267338991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.268027067 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.268085003 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.268420935 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.268582106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.268647909 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.269119024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.269293070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.269340038 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.270059109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.270315886 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.270435095 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.270987988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.271226883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.271275043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.272048950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.272274971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.272310019 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.272923946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.273277044 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.273332119 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.273890972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.274126053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.274229050 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.274862051 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.275100946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.275151014 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.275831938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.276082993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.276161909 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.276869059 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.277165890 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.277225018 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.277923107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.278139114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.278192997 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.278745890 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.279066086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.279117107 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.279886007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.280164003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.280263901 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.280759096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.281028032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.281075954 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.281656027 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.281876087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.281938076 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.282618046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.282847881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.282913923 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.283622980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.283870935 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.283901930 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.284589052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.284821033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.284912109 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.285660982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.285830975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.285876989 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.286604881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.286876917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.286911964 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.287610054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.287798882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.287843943 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.288522959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.288759947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.288827896 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.289521933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.289668083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.289721012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.290400028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.290630102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.290692091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.291412115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.291630983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.291717052 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.292413950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.292665958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.292718887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.293498993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.293684006 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.293725967 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.294372082 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.294580936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.294634104 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.295289993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.295526981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.295595884 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.296324968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.296487093 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.296556950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.297311068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.297501087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.297578096 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.469085932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.469350100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.469412088 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.469662905 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.469923019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.470531940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.470736980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.470772982 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.470772982 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.471457958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.471601963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.471708059 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.472484112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.472718000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.472785950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.473690033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.473704100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.473915100 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.474334955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.474709988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.474787951 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.475346088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.475553989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.476159096 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.476301908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.476501942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.476540089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.477641106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.478034019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.478069067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.478498936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.478739977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.479254961 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.479509115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.479648113 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.479731083 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.480462074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.480612993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.481257915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.481482029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.481651068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.481688023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.482567072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.482868910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.482912064 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.483539104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.483704090 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.484416962 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.484606981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.484647036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.484647036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.485460997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.485577106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.485634089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.486407042 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.486634970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.486702919 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.487274885 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.487432003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.487482071 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.488066912 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.488204956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.488543987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.489160061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.489533901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.489602089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.489908934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.490199089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.490237951 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.490928888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.491069078 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.491123915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.491935015 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.492122889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.492286921 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.493150949 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.493455887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.493501902 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.494173050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.494358063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.494503021 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.495115042 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.495275974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.495317936 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.495769978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.495939016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.496113062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.496862888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.497531891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.497574091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.497798920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.498145103 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.498615026 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.498684883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.498877048 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.498925924 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.499639034 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.499882936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.499922037 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.500633001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.500771046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.500811100 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.501606941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.501859903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.502119064 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.502563953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.502754927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.502909899 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.503520966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.503771067 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.503895044 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.504523993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.504718065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.504797935 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.505611897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.505805969 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.505853891 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.506495953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.506638050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.506704092 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.507481098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.507613897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.507675886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.508385897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.508599043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.508646011 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.509578943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.509780884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.509871960 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.510411024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.510539055 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.510584116 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.511348963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.511472940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.511548042 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.512439013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.512618065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.512661934 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.513405085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.513619900 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.513670921 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.514332056 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.514420986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.514484882 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.515202999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.515425920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.515630960 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.516165018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.516354084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.516412973 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.517133951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.517308950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.517354965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.518102884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.518294096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.518343925 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.519073009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.519275904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.519309044 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.520082951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.574677944 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.661258936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.661453009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.661528111 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.661775112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.661925077 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.662024021 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.662220001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.662945986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.662959099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.662997007 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.664742947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.664757013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.664768934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.664807081 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.664807081 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.664952993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.666100025 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.666115046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.666155100 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.666898012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.666932106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.667031050 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.667783976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.667818069 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.667831898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.668726921 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.668768883 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.668979883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.671057940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.671070099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.671081066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.671092033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.671281099 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.671674967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.671724081 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.671859026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.672512054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.672627926 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.672666073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.673505068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.673551083 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.673655987 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.674487114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.674591064 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.674618959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.675615072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.675723076 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.676079988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.676580906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.676630020 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.676743984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.677484989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.677557945 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.677599907 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.678333998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.678375959 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.678523064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.679891109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.679905891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.679927111 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.680289984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.680444002 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.680485010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.681260109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.681288958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.681443930 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.682280064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.682322025 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.682549953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.683443069 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.683459997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.683481932 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.684185982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.684226036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.684369087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.685142994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.685197115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.685340881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.686109066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.686151028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.686269045 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.687122107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.687175989 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.687282085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.688080072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.688221931 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.688342094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.689066887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.689132929 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.689189911 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.690067053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.690121889 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.690186024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.691000938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.691062927 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.691236973 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.692054033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.692096949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.692213058 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.692975044 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.693079948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.693084002 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.693887949 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.693984985 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.694061041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.694859982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.694933891 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.695034027 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.695832014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.695933104 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.696013927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700624943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700639009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700650930 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700680971 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.700700998 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.700761080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700772047 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700783014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700851917 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.700879097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700898886 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700910091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700921059 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.700938940 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.700938940 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.701672077 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.701710939 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.701836109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.702673912 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.702725887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.702852964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.703629017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.703675032 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.703876972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.705146074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.705193996 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.706955910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.708571911 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.708583117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.708597898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.708609104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.708626986 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.708626986 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.708995104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.709038973 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.709182978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.710292101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.710340977 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.710469007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.711091042 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.711127996 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.711287022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.711918116 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.711960077 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.712054014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.712503910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.712562084 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.712641001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.817635059 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.853615046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.853771925 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.853813887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.853861094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.854162931 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.854198933 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.854835033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.855024099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.855062008 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.855910063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.856060982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.856101990 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.856678009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.856796026 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.856827974 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.857773066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.857923031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.857964039 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.858695030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.858922005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.858964920 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.859586954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.859735012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.859770060 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.860402107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.860610008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.860642910 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.861377001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.861548901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.861588001 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.862334013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.862524986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.862559080 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.863317966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.863507986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.863538980 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.864399910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.864617109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.864660025 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.865282059 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.865473986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.865518093 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.866297007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.866453886 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.866487980 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.867418051 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.867924929 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.867959023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.868241072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.868496895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.868527889 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.869139910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.869352102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.869385004 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.870142937 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.870310068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.870347023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.871145010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.871345043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.871380091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.872169971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.872278929 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.872313976 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.873110056 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.873366117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.873404980 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.874123096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.874437094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.874476910 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.875200033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.875403881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.875442982 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.876251936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.876425982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.876458883 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.877358913 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.877543926 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.877576113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.878357887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.878582001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.878611088 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.879283905 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.879472971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.879508972 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.880167007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.880290031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.880328894 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.880994081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.881182909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.881258965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.881823063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.882035017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.882069111 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.882812023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.882962942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.882997990 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.883753061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.883907080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.883943081 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.884782076 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.884934902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.884974003 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.885693073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.885862112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.885901928 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.886693001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.886831045 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.886862993 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.887603998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.887831926 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.887866974 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.888720989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.888926029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.888964891 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.889889956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.890036106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.890073061 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.890830040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.890971899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.891005993 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.891634941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.891772985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.891813993 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.892482996 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.892674923 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.892709970 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.893521070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.893687963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.893724918 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.894568920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.894825935 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.894861937 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.895462036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.895625114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.895663023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.896382093 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.896579027 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.896611929 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.897461891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.897631884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.897665024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.898299932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.898535967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.898569107 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.899506092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.899703979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.899739981 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.900532007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.900702000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.900738001 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.901427984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.901567936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.901598930 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.902367115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.902544022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.902579069 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.903217077 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.903402090 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.903429985 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:28.904261112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.904411077 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:28.904445887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.046108007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.046221018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.046271086 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.046607018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.046993971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.047071934 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.047648907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.047766924 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.047801971 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.048413992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.048791885 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.048834085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.048983097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.049705029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.049743891 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.049953938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.050787926 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.050882101 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.051042080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.051762104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.051803112 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.051927090 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.052733898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.052783012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.052880049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.053617954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.053704977 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.053766012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.054624081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.054672956 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.054995060 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.055648088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.055690050 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.056022882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.056694984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.056737900 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.056840897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.057624102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.057667971 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.057790995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.058475971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.058514118 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.058667898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.059513092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.059554100 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.059643984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.060470104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.060512066 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.060590982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.061414957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.061469078 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.061544895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.062352896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.062397003 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.062500954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.063322067 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.063365936 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.063505888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.064295053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.064322948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.064449072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.065335035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.065370083 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.065500975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.066211939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.066250086 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.066385031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.067215919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.067253113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.067385912 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.068171024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.068209887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.068346024 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.069278002 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.069315910 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.069529057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.070199013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.070233107 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.070297956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.071099997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.071130991 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.071278095 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.072052956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.072094917 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.072249889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.073045969 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.073091030 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.073211908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.074012041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.074049950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.074178934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.074981928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.075018883 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.075161934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.075948954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.075982094 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.076123953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.076946974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.076986074 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.077132940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.077933073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.077971935 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.078062057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.078845978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.078888893 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.079036951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.079840899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.079880953 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.080056906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.080806971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.080849886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.080998898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.081767082 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.081809044 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.081964970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.082768917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.082822084 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.082916975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.083755970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.083816051 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.083883047 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.084683895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.084726095 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.084849119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.085731983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.085772991 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.085875988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.086639881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.086675882 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.086810112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.087622881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.087658882 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.087810040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.088614941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.088701963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.088727951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.089525938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.089565992 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.089715958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.090531111 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.090568066 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.090750933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.091528893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.091569901 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.091696978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.092509985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.092544079 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.092665911 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.093449116 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.093489885 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.093671083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.094389915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.094424963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.094578028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.095362902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.095395088 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.095549107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.096344948 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.096404076 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.096487999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.239151001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.239192963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.239308119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.239423037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.239455938 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.239775896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.240434885 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.240477085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.240607977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.241388083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.241424084 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.241483927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.242006063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.242038965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.242194891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.243021965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.243065119 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.243324995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.243866920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.243900061 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.243994951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.244800091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.244827986 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.244967937 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.245692968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.245846987 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.246475935 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.246653080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.246700048 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.246834040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.247728109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.247833967 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.247898102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.248748064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.248944998 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.249658108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.249783993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.249806881 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.250602007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.250755072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.250777960 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.251677036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.251754999 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.251827955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.252775908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.252887964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.252912998 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.253642082 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.253814936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.254601002 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.254785061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.254808903 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.255654097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.255805016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.255836010 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.256639957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.256704092 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.256869078 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.257735968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.257950068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.258815050 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.259056091 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.259074926 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.259913921 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.260046005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.260068893 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.260708094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.260847092 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.260909081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.261780977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.261830091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.261900902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.262684107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.262844086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.263649940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.263907909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.263933897 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.264775038 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.264987946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.265012026 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.265877008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.265924931 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.266064882 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.267160892 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.267369032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.268301010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.268325090 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.268480062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.268505096 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.269346952 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.269601107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.270369053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.270654917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.270677090 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.271239996 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.271317959 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.271387100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.272298098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.272397041 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.272435904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.273138046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.273325920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.273973942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.274146080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.274168015 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.274871111 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.275022030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.275046110 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.275697947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.275903940 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.275927067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.276441097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.276560068 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.276580095 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.277390003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.277606964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.278363943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.278606892 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.278626919 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.279428959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.279584885 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.279608965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.280282021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.280504942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.280527115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.281369925 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.281498909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.282308102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.282480001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.282512903 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.283217907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.283446074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.283488035 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.284193993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.284336090 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.284368992 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.285237074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.285419941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.285444021 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.286185980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.286379099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.286401033 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.287108898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.287333965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.287358046 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.288126945 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.288321018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.288392067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.289259911 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.289361000 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.289417982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.290240049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.290283918 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.290409088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.411468983 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.434887886 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.435698032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.435719013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.435812950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.436594009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.436659098 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.437335014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.438009977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.438260078 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.439148903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.439161062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.439249992 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.439744949 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.440304995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.440490961 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.441540956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.441553116 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.441649914 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.443656921 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.444391966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.444971085 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.445168018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.445179939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.445188999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.445300102 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.445878029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.445890903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.446046114 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.446664095 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.446676016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.446768045 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.447351933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.447364092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.447401047 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.448134899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.448148012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.448230028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.448905945 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.448918104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.448929071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.448981047 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.449592113 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.449603081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.449958086 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.450351000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.450361967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.450532913 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.451078892 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.451091051 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.451174974 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.451786041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.451817036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.451828003 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.452092886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.452558994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.452569008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.452606916 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.453299999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.453311920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.453439951 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.454041004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.454061985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.454231977 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.454775095 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.454787016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.455519915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.455532074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.455542088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.455544949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.455590010 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.455590010 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.456346035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.456357956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.457031012 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.457042933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.457060099 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.457221985 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.457757950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.457770109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.458307028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.458462000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.458481073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.458652020 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.459213972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.459227085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.459237099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.459290028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.459959030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.459969997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.460050106 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.460756063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.460767031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.460870028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.461484909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.461497068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.461622953 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.462229967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.462241888 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.462254047 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.462280989 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.462352991 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.462924957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.462935925 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.462979078 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.463542938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.463952065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.464140892 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.464452982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.464689016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.465342999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.465369940 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.465543985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.465647936 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.466214895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.466399908 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.466475964 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.467238903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.467405081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.467459917 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.468200922 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.468384027 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.469151974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.469311953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.469336987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.470210075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.470349073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.470372915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.471112013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.471203089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.471291065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.471354008 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.472039938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.472280025 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.472997904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.473232985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.473256111 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.473495960 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.474195004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.474308968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.474447012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.475068092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.475228071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.475805998 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.475929976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.476121902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.476193905 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.476938009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.477107048 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.477160931 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.477904081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.478085995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.478291035 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.478854895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.479052067 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.479247093 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.479811907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.480005980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.480068922 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.480803967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.480925083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.481082916 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.756942034 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.756958961 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.757019997 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.758543968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.758554935 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.759893894 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.759916067 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.760622025 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.760675907 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.762185097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.762197018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.763632059 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.763659954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.763665915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.765077114 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.765192986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.765203953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.765239954 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.768028021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.768042088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.769294024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.769464970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.769483089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.769526958 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.771308899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.772236109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.772968054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.773431063 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.773641109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.773776054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.775902987 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.775914907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.777209997 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.777656078 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.777683973 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.777976990 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.778413057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.779232025 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.780913115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.780932903 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.780939102 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.781930923 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.782927990 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.783651114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.783679008 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.784586906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.784599066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.785262108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.785274029 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.785300016 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.785787106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.785806894 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.785810947 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.785818100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.785856962 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.786088943 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.786569118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.786580086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.786689043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.787358046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.787369013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.788182020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.788193941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.788244009 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.788244009 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.788986921 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.788997889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.789581060 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.789592981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.789602995 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.789603949 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.790263891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.790276051 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.790288925 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.790473938 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.791043043 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.791054964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.791147947 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.791794062 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.791806936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.792490959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.792504072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.792514086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.792537928 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.793235064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.793246031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.793258905 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.794054031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.794064999 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.794076920 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.794562101 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.794776917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.794789076 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.794872999 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.795629978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.795641899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.796206951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.796216965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.796231031 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.796257019 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.796257019 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.796936035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.796947956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.797699928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.798424959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.798435926 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.798444986 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.798609972 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.799307108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.799335957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.799987078 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.800003052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.800013065 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.800014019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.800731897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.800744057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.800756931 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.801399946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.801412106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.801425934 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.802088022 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.802118063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.802149057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.802171946 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.803020954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.803031921 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.803042889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.803066015 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.803224087 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.803738117 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.803749084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.804371119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.804383039 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.804429054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.804429054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.805162907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.805180073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.805840969 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.805865049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.805875063 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.805885077 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.806590080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.806602001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.806607962 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.807081938 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.807343960 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.807356119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.807380915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.808049917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.808068037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.808085918 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.808826923 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.808840036 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.809547901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.809560061 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.811122894 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.951036930 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.951788902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.951809883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.952605963 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.952644110 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.955414057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.955426931 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.956047058 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.956078053 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.956624031 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.957068920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.958059072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.960223913 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.960235119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.960251093 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.961210012 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.961615086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.962318897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.963706017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.963720083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.963736057 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.965053082 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.965064049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.965078115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.965167046 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.967457056 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.968039989 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.969350100 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.969362974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.969376087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.969434023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.970765114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.970777035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.971920967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.971946955 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.972685099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.973743916 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.974478960 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.974498987 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.975032091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.976073980 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.976085901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.977780104 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.977799892 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.977807045 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.977812052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.978173971 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.978454113 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.978472948 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.978535891 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.979154110 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.979166985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.979953051 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.979964972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.980627060 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.980649948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.980671883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.981554985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.981574059 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.981580973 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.981590986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.981616020 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.982223988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.982235909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.982659101 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.983047009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.983059883 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.984009027 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.984023094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.984036922 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.985066891 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.985080957 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.985090971 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.985095024 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.985783100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.985812902 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.985835075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.986670017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.986680984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.986705065 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.986742020 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.987519979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.987540007 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.987574100 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.988392115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.988405943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.989062071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.989074945 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.989084959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.989087105 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.989108086 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.989777088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.989789963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.989805937 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.990479946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.990499973 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.990506887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.991117001 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.991197109 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.991210938 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.991586924 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.992197037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.992218018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.992229939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.992551088 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.993098021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.993118048 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.993151903 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.993956089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.993968010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.994868040 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.994895935 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.994896889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.995779991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.995825052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.995846987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.995896101 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.996525049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.996551037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.996562004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.996654987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.996654987 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.997229099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.997246981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.997302055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.998044014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.998056889 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.998101950 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.998950005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.998970032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.999730110 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.999742985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:29.999795914 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:29.999795914 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.000405073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.000417948 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.000427961 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.001013994 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.001095057 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.001106977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.001149893 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.001878023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.001889944 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.001957893 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.002556086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.002580881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.002655983 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.003506899 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.003532887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.003614902 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.004326105 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.004343987 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.004354954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.005031109 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.005039930 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.005052090 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.005497932 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.177391052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.177406073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.177478075 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.178137064 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.178750038 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.179586887 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.180989981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.181010962 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.181124926 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.181940079 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.182856083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.182913065 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.183538914 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.185400963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.185412884 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.185544014 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.187009096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.187190056 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.187901974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.188610077 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.189111948 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.189254999 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.190639019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.190649986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.190741062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.192950964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.193077087 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.193602085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.195168018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.195180893 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.195269108 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.196552992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.196576118 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.198102951 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.198131084 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.198745966 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.199341059 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.201025963 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.201047897 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.201358080 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.202500105 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.202522993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.202541113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.203984022 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.204190969 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.204732895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.204756021 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.204911947 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.205424070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.205436945 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.205506086 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.206183910 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.206197023 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.206212044 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.206248045 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.207053900 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.207066059 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.207492113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.207819939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.207832098 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.207947969 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.208606958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.208625078 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.208709955 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.209237099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.209249020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.209264994 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.209291935 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.209562063 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.209980011 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.209991932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.210046053 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.210668087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.210694075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.210973978 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.211628914 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.211641073 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.212263107 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.212275028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.213126898 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.213140011 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.213151932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.213156939 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.213862896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.213912010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.213927031 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.214554071 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.214565992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.214581966 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.215157986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.215183020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.215187073 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.215603113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.216016054 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.216031075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.216051102 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.216073036 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.216111898 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.216555119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.216567993 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.216654062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.217346907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.217359066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.217614889 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.218074083 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.218086004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.218777895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.218792915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.218808889 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.219176054 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.219590902 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.219604969 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.219615936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.220325947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.220338106 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.220352888 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.220990896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.221004009 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.221016884 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.221153975 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.221720934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.221740961 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.222510099 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.222522974 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.222537041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.222563028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.223160028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.223196030 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.223215103 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.223967075 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.223979950 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.223994970 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.224709988 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.224723101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.224740028 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.224843025 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.225512028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.225529909 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.226165056 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.226178885 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.226190090 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.226213932 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.226877928 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.226906061 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.226911068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.226933002 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.227679014 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.227699041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.227767944 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.228458881 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.228477001 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.229149103 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.229161978 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.229171991 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.229176044 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.229198933 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.230025053 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.230051994 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.387703896 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.387758017 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.387821913 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.388024092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.388062954 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.388261080 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.388890028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.388932943 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.389132977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.389866114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.389908075 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.389981985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.390604019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.390644073 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.390799046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.391495943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.391537905 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.391655922 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.392978907 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.392991066 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.393023968 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.393750906 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.393763065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.393790960 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.394367933 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.394407988 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.394686937 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.395061970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.395100117 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.395360947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.396027088 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.396199942 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.396244049 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.397031069 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.397080898 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.397213936 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.398035049 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.398101091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.398211002 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.399055958 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.399101973 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.399168968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.399940968 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.399979115 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.400104046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.400909901 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.400955915 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.401068926 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.401937962 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.401983023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.402082920 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.402837992 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.402879953 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.403017044 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.403947115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.404000044 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.404066086 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.404784918 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.404829025 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.404967070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.405777931 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.405814886 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.405926943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.406759977 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.406800032 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.406966925 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.407711983 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.407752037 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.407855034 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.408720016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.408759117 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.408947945 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.409683943 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.409728050 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.409821033 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.410640955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.410681009 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.410814047 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.411659956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.411801100 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.411809921 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.412569046 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.412614107 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.412769079 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.413536072 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.413585901 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.413671017 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.414536953 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.414577007 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.414757967 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.415504932 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.415647984 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.415653944 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.416481018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.416536093 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.416614056 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.417423010 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.417469978 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.417593956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.418437004 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.418586016 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.418642998 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.419409037 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.419536114 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.419581890 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.420339108 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.420375109 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.420521975 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.421338081 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.421385050 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.421680927 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.422327042 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.422378063 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.422555923 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.423316956 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.423358917 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.423437119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.424263954 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.424303055 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.424458027 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.425199986 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.425245047 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.425396919 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.426342964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.426378965 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.426526070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.427166939 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.427309990 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.427349091 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.428106070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.428359985 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.428404093 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.429107904 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.429318905 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.429368019 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.430071115 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.430114031 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.430217981 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.431019068 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.431071997 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.431209087 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.432197094 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.432244062 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.432440996 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.433001041 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.433048010 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.433247089 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.433975935 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.434020042 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.434150934 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.434937000 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.434983015 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.435127020 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.435908079 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.436108112 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.436151981 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.436942101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.437083006 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.437134027 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.437855005 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.437901020 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.437973976 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.579911947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.579972982 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.580041885 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.580424070 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.580468893 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.580744028 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.581291914 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.581340075 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.581657887 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.581877947 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.581913948 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.582592964 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.582822084 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.582878113 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.583590984 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.583791018 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.584089994 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.584762096 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.584945917 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.585227013 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.585582972 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.585798979 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.585840940 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.586466074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.586664915 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.586702108 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.587469101 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.587661982 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.587697029 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.589037895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.589178085 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.589248896 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.589478970 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.589802027 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.589845896 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.590368032 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.590572119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.591360092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.591397047 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.591555119 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.592340946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.592379093 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.592524052 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.592560053 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.593306065 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.593508959 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.593548059 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.594309092 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.594594955 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.594624996 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.595268965 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.595460892 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.595716953 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.596244097 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.596443892 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.597182035 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.597223043 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.597384930 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.598150969 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.598191023 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.598334074 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.598370075 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.599113941 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.599325895 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.599364042 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.600080013 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.600290060 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.600328922 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.601032019 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.603331089 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.608311892 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.611520052 CET497077575192.168.2.8104.37.175.221
                                Dec 4, 2024 14:47:30.729208946 CET757549707104.37.175.221192.168.2.8
                                Dec 4, 2024 14:47:30.731991053 CET757549707104.37.175.221192.168.2.8

                                Click to jump to process

                                Click to jump to process

                                Click to dive into process behavior distribution

                                Click to jump to process

                                Target ID:0
                                Start time:08:47:01
                                Start date:04/12/2024
                                Path:C:\Users\user\Desktop\wg7SDQAffQ.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\wg7SDQAffQ.exe"
                                Imagebase:0x400000
                                File size:2'764'800 bytes
                                MD5 hash:4A73123F397A6B45269DBEDB40622967
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Target ID:3
                                Start time:08:47:18
                                Start date:04/12/2024
                                Path:C:\Users\user\Desktop\wg7SDQAffQ.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\wg7SDQAffQ.exe"
                                Imagebase:0x400000
                                File size:2'764'800 bytes
                                MD5 hash:4A73123F397A6B45269DBEDB40622967
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.1598941917.0000000000940000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1601782738.0000000003150000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.1608679470.0000000000C50000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1601611392.0000000002F30000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:true

                                Target ID:4
                                Start time:08:47:20
                                Start date:04/12/2024
                                Path:C:\Windows\SysWOW64\svchost.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\System32\svchost.exe"
                                Imagebase:0x1c0000
                                File size:46'504 bytes
                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1602883606.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1607082421.0000000005490000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.1699178661.0000000003350000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1606857189.0000000005270000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:high
                                Has exited:true

                                Target ID:7
                                Start time:08:47:21
                                Start date:04/12/2024
                                Path:C:\Windows\SysWOW64\WerFault.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 412
                                Imagebase:0x540000
                                File size:483'680 bytes
                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:8
                                Start time:08:47:30
                                Start date:04/12/2024
                                Path:C:\Windows\System32\fontdrvhost.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                Imagebase:0x7ff69ba10000
                                File size:827'408 bytes
                                MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                Target ID:10
                                Start time:08:47:33
                                Start date:04/12/2024
                                Path:C:\Windows\System32\WerFault.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\WerFault.exe -u -p 8016 -s 136
                                Imagebase:0x7ff724ab0000
                                File size:570'736 bytes
                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Reset < >

                                  Execution Graph

                                  Execution Coverage:0%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:7.8%
                                  Total number of Nodes:51
                                  Total number of Limit Nodes:0
                                  execution_graph 33916 42b640 45 API calls 33922 40de70 26 API calls 33837 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 33925 417273 28 API calls 33926 420670 16 API calls 33929 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 33839 4dc870 EnterCriticalSection LeaveCriticalSection 33935 4275fe 16 API calls 33842 4d8000 EndDoc 33936 40d210 46 API calls 33846 4fc810 InitializeCriticalSection 33941 408220 14 API calls 33848 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 33849 41d430 56 API calls 33950 4012c0 16 API calls 33953 40fad0 26 API calls 33852 4118d0 7 API calls 33854 4144de 34 API calls 33957 4086e0 19 API calls 33855 41d8e0 35 API calls 33856 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 33959 41bee8 19 API calls 33966 411a80 27 API calls 33967 40c290 QueryPerformanceCounter QueryPerformanceCounter 33867 427090 GetACP GetCPInfo 33869 401ca0 278 API calls 33970 40eaa0 28 API calls 33874 41b4b0 48 API calls 33973 41eab0 28 API calls 33979 4f9340 CoCreateInstance 33880 40d560 29 API calls 33982 417f61 29 API calls 33881 401170 12 API calls 33988 50af60 CoTaskMemAlloc 33826 4dc300 GetCommandLineA 33827 42c310 33826->33827 33886 40fd10 39 API calls 33823 44a710 33824 44a712 ExitProcess 33823->33824 33892 40d530 25 API calls 34000 41ef32 26 API calls 33893 40cdc0 17 API calls 34005 4ddfc0 64 API calls 34006 4263cc 18 API calls 33896 40d1d0 24 API calls 33898 41e5d0 GetSystemTime GetTimeZoneInformation 34007 42abd0 30 API calls 33902 41cde0 36 API calls 33905 412180 25 API calls 34014 4dd780 46 API calls 33908 428191 26 API calls

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                  APIs
                                  • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-399585960
                                  • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                  • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                  • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                  • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                  APIs
                                  • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                  • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                  • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                  • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CommandLine
                                  • String ID:
                                  • API String ID: 3253501508-0
                                  • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                  • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                  • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                  • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                  • API String ID: 0-3677570488
                                  • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                  • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                  • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                  • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 707 4d9b2e-4d9b3f call 52b380 700->707 708 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->708 702 4d9bd0-4d9bd8 701->702 702->702 704 4d9bda-4d9bdb GlobalUnlock 702->704 706 4d9be1-4d9be3 704->706 710 4d9be9-4d9bf3 OpenClipboard 706->710 711 4d9be5-4d9be7 706->711 716 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 707->716 717 4d9b90-4d9ba1 call 439d00 707->717 708->707 710->699 714 4d9bf5-4d9c03 EmptyClipboard 710->714 711->699 711->710 718 4d9c0a-4d9c0c 714->718 719 4d9c05-4d9c08 SetClipboardData 714->719 720 4d9b6d-4d9b70 GlobalLock 716->720 721 4d9b87-4d9b8d call 439d00 716->721 717->706 722 4d9c0e-4d9c11 SetClipboardData 718->722 723 4d9c13 CloseClipboard 718->723 719->718 725 4d9b76-4d9b7e 720->725 721->717 722->723 723->699 725->725 728 4d9b80-4d9b81 GlobalUnlock 725->728 728->721
                                  APIs
                                  • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                  • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                  • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                  • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                  • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                  • EmptyClipboard.USER32 ref: 004D9BF5
                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                  • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                  • CloseClipboard.USER32 ref: 004D9C13
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                  • String ID:
                                  • API String ID: 3392129136-0
                                  • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                  • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                  • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                  • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 778 416621-416631 779 416637-41663c 778->779 780 416b2e-416b35 778->780 779->780 781 416642-416651 call 49ad90 779->781 784 416653 781->784 785 416655-41665b 781->785 784->785 786 41666d-41667a call 4848b0 785->786 787 41665d-41666b call 4848b0 785->787 792 41667e-416682 786->792 787->792 793 416684-416688 792->793 794 4166bc-4166c1 792->794 793->794 797 41668a-416692 793->797 795 4166c3 794->795 796 4166c5-4166c9 794->796 795->796 799 41686a-41687b call 40cef0 796->799 800 4166cf-4166e7 call 463050 call 411870 796->800 797->794 798 416694-41669d 797->798 798->794 801 41669f-4166ac 798->801 809 4168a5-4168ae 799->809 810 41687d-416881 799->810 800->799 818 4166ed-4167be call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 800->818 804 4166ba 801->804 805 4166ae-4166b2 801->805 804->794 805->804 808 4166b4-4166b8 805->808 808->794 808->804 813 4168b0-4168b5 809->813 814 4168c5-4168c9 809->814 810->809 812 416883-41688b 810->812 812->809 816 41688d-416895 812->816 813->814 817 4168b7-4168c0 call 40f880 813->817 819 416b0f-416b2b call 439d00 814->819 820 4168cf-4168d9 814->820 816->809 821 416897-4168a0 call 40f880 816->821 817->814 916 4167c0-4167d5 call 4c9000 818->916 917 4167d7-4167e7 call 4c9000 818->917 819->780 825 4168f9-41690e call 415860 820->825 826 4168db-4168f3 call 463050 call 411870 820->826 821->809 837 416af2-416b0e call 439d00 825->837 838 416914-416928 825->838 826->825 826->837 842 416940-416950 838->842 843 41692a-41693b call 4900f0 838->843 847 416952-416963 call 4900f0 842->847 848 416968-416978 842->848 858 416ab6-416ac8 call 4c9030 843->858 847->858 849 416990-4169a0 848->849 850 41697a-41698b call 4900f0 848->850 855 4169a2-4169b3 call 4900f0 849->855 856 4169b8-4169c8 849->856 850->858 855->858 863 4169e0-4169f0 856->863 864 4169ca-4169db call 4900f0 856->864 876 416ad7-416aec call 415860 858->876 877 416aca-416ad2 call 4900f0 858->877 869 4169f2-416a03 call 4900f0 863->869 870 416a08-416a18 863->870 864->858 869->858 870->858 872 416a1e-416a3b call 4900f0 call 48c060 870->872 890 416a3d-416a6d call 463070 call 490dd0 call 48c060 872->890 891 416a6f-416a79 call 4023b0 872->891 876->837 876->838 877->876 890->858 890->891 891->858 901 416a7b-416a86 call 411870 891->901 901->858 908 416a88-416a9e call 48c020 call 495630 901->908 908->858 921 416aa0-416ab3 call 4900f0 call 439d00 908->921 925 4167ec-416812 call 40ceb0 call 4900f0 916->925 917->925 921->858 933 416814-416827 call 495630 925->933 934 41683f-416852 call 495630 925->934 933->934 939 416829-41683c call 4900f0 call 439d00 933->939 934->799 940 416854-416867 call 4900f0 call 439d00 934->940 939->934 940->799
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                  • API String ID: 0-590896439
                                  • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                  • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                  • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                  • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                  • API String ID: 0-188115620
                                  • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                  • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                  • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                  • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                  APIs
                                  • OpenClipboard.USER32(00000000), ref: 004D9C27
                                  • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                  • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                  • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                  • CloseClipboard.USER32 ref: 004D9C56
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Clipboard$Data$CloseOpen
                                  • String ID:
                                  • API String ID: 464010812-0
                                  • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                  • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                  • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                  • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $K$gfff$gfff$gfff
                                  • API String ID: 0-1048959944
                                  • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                  • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                  • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                  • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                  APIs
                                  • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                  • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                  • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                  • String ID:
                                  • API String ID: 4094687451-0
                                  • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                  • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                  • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                  • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-227171996
                                  • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                  • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                  • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                  • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                  APIs
                                  • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                  • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Time$InformationSystemZone
                                  • String ID:
                                  • API String ID: 702727434-0
                                  • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                  • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                  • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                  • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                  APIs
                                  • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Heap$AllocProcess
                                  • String ID:
                                  • API String ID: 1617791916-0
                                  • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                  • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                  • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                  • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: R
                                  • API String ID: 0-1968290334
                                  • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                  • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                  • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                  • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                  APIs
                                  • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7742E820), ref: 004F9365
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CreateInstance
                                  • String ID:
                                  • API String ID: 542301482-0
                                  • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                  • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                  • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                  • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Version
                                  • String ID:
                                  • API String ID: 1889659487-0
                                  • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                  • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                  • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                  • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                  • Instruction ID: 01d32cbd04fd490b405bbb3076ca95c53af9ac6c7c72bf4527c2ddcebbd18577
                                  • Opcode Fuzzy Hash: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                  • Instruction Fuzzy Hash: D58269703083119FD714DF29E580B6BB7E5BB98708F84895EE8898B341D738EC56CB5A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                  • Instruction ID: 96a45275b5f9c73a41d1d8337e9608839c2e373e62523567d3dab65913c056f8
                                  • Opcode Fuzzy Hash: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                  • Instruction Fuzzy Hash: 1212AF71608B019BC714DF69C890AABB3F5BF88304F444A2EF585C3741E778E949CB9A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                  • Instruction ID: 498cbeb692f4c70c8915f573c8722a097fb1111c7146c1bbe368278cd5f5e3e7
                                  • Opcode Fuzzy Hash: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                  • Instruction Fuzzy Hash: 5F02CE71A04B049FD310CF29E84679AB7F5FFD8304F04892EF4CA96691D7B8E4699B09
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                  • Instruction ID: 1e7c3244e7452ae8d69b03c5c8d6f6dafe267a2916603bd4dd3bb4cac85038a4
                                  • Opcode Fuzzy Hash: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                  • Instruction Fuzzy Hash: FCC15171A087A28FC304CF5884C0406FFE2BED535072DC7AAD8985B3A6D378A899D7D5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                  • Instruction ID: bfa59705cebf717bb77a31e3df0fdea1df1b133d84f49527330e693498930ead
                                  • Opcode Fuzzy Hash: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                  • Instruction Fuzzy Hash: 0091A4B2D001285FF728CA18DD56AEBBB79EB84314F0541BBE40DA6684D7785FC1CE42
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                  • Instruction ID: daade82ce8e1d1b2ee71ce6920598c29f2be78123f22ed51f0027d5a07208b60
                                  • Opcode Fuzzy Hash: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                  • Instruction Fuzzy Hash: F471E8B2D001285FF768CA18DD56AEBBB78EB45314F0541FBE80DA6680D6385FC5CE52
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                  • Instruction ID: 95a1ac05ea7bf9e85cb9af7e548825cad19751d86e8640f90a726477929908b6
                                  • Opcode Fuzzy Hash: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                  • Instruction Fuzzy Hash: 6351B5B2D011285FF768CA18DE56AEBBB78EF94314F0541BBE40DA6680D6385FC4CD42
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                  • Instruction ID: 53d2608e8c54cd10bb4b85a771cf95748db63415cbca46aee886de67e8a57e6b
                                  • Opcode Fuzzy Hash: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                  • Instruction Fuzzy Hash: E0218EB1B054214FDB2C9B0E942113AB7E3EFDE30234A82BEE8579B3A9D9741D11D694

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 26 4f4a60-4f4a93 EnterCriticalSection 27 4f4a95-4f4a9d 26->27 28 4f4aa3-4f4aab 26->28 27->28 29 4f4aad-4f4ab5 28->29 30 4f4abb-4f4ac3 28->30 29->30 31 4f4ac5-4f4acd 30->31 32 4f4ad3-4f4adb 30->32 31->32 33 4f4aed-4f4af5 32->33 34 4f4add-4f4ae7 32->34 35 4f4afb-4f4b07 LeaveCriticalSection 33->35 36 4f4bf2-4f4bfe LeaveCriticalSection 33->36 34->33 37 4f4b09-4f4b19 35->37 38 4f4b21-4f4b27 35->38 39 4f4c18-4f4c1e 36->39 40 4f4c00-4f4c10 36->40 37->38 41 4f4b29-4f4b39 38->41 42 4f4b41-4f4b47 38->42 43 4f4c38-4f4c3e 39->43 44 4f4c20-4f4c30 39->44 40->39 41->42 45 4f4bbb-4f4bc1 42->45 46 4f4b49-4f4b69 42->46 47 4f4cb2-4f4cb8 43->47 48 4f4c40-4f4c60 43->48 44->43 51 4f4f2f-4f4f35 45->51 52 4f4bc7-4f4bf1 45->52 53 4f4b6b 46->53 54 4f4b71-4f4bb8 call 462e80 call 4a5380 call 439d00 46->54 55 4f4cdc-4f4d05 EnterCriticalSection LeaveCriticalSection 47->55 56 4f4cba-4f4cd4 47->56 49 4f4c68-4f4caf call 462e80 call 4a5380 call 439d00 48->49 50 4f4c62 48->50 49->47 50->49 53->54 54->45 59 4f4f2e 55->59 60 4f4d0b-4f4d1c EnterCriticalSection LeaveCriticalSection 55->60 56->55 59->51 64 4f4d24-4f4d42 EnterCriticalSection 60->64 65 4f4df8-4f4e1d EnterCriticalSection call 4f3bc0 LeaveCriticalSection 64->65 66 4f4d48-4f4d50 64->66 77 4f4e1f-4f4e2b 65->77 78 4f4e3b-4f4e46 call 4f3340 65->78 66->65 69 4f4d56-4f4d6e EnterCriticalSection LeaveCriticalSection 66->69 73 4f4d74-4f4df1 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 69->73 74 4f4df3 69->74 73->65 73->74 74->65 81 4f4e2d 77->81 82 4f4e32-4f4e34 77->82 89 4f4e97-4f4e9c LeaveCriticalSection 78->89 90 4f4e48-4f4e4d 78->90 81->82 82->78 87 4f4e36-4f4e39 82->87 87->78 87->89 91 4f4ea2-4f4ebd EnterCriticalSection 89->91 92 4f4e4f-4f4e51 90->92 93 4f4e69-4f4e73 call 4f3d00 90->93 96 4f4ebf-4f4ec1 91->96 97 4f4ed8-4f4ee5 LeaveCriticalSection 91->97 92->93 94 4f4e53-4f4e55 92->94 101 4f4e78-4f4e8f LeaveCriticalSection 93->101 94->93 100 4f4e57-4f4e67 call 4ff020 call 439d00 94->100 102 4f4eca-4f4ed2 96->102 103 4f4ec3-4f4ec8 96->103 98 4f4f0c-4f4f12 97->98 99 4f4ee7-4f4efb EnterCriticalSection 97->99 98->59 107 4f4f14-4f4f29 98->107 104 4f4efd 99->104 105 4f4f01-4f4f06 LeaveCriticalSection 99->105 100->101 101->64 108 4f4e95 101->108 102->97 103->97 104->105 105->98 107->59 108->91
                                  APIs
                                  • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                  • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                  • API String ID: 2978645861-761530088
                                  • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                  • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                  • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                  • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 590 4d5d20-4d5d40 call 435350 593 4d6069-4d6073 590->593 594 4d5d46-4d5d56 call 435400 590->594 597 4d5d58-4d5d6f DestroyWindow 594->597 598 4d5d72-4d5d82 call 435400 594->598 601 4d5dab-4d5dbb call 435400 598->601 602 4d5d84-4d5da8 call 4d5380 call 4db4e0 598->602 607 4d5dbd-4d5dec call 4d5380 call 4a7ac0 601->607 608 4d5def-4d5dff call 435400 601->608 616 4d5fdc-4d5fec call 435400 608->616 617 4d5e05-4d5e12 608->617 630 4d5fee-4d602f call 4d5380 GetMenu call 4dad30 616->630 631 4d6032-4d6042 call 435400 616->631 620 4d5e14-4d5e16 617->620 621 4d5e41-4d5e55 GetModuleFileNameA 617->621 625 4d5e1c-4d5e1e 620->625 626 4d5e18-4d5e1a 620->626 622 4d605c-4d6066 621->622 623 4d5e5b-4d5e5c 621->623 623->622 629 4d5e62-4d5e69 623->629 627 4d5e24-4d5e26 625->627 628 4d5e20-4d5e22 625->628 626->625 632 4d5e38-4d5e3f 626->632 634 4d5e2c-4d5e2e 627->634 635 4d5e28-4d5e2a 627->635 628->627 628->632 636 4d5e6b-4d5e6e 629->636 637 4d5e80-4d5e82 629->637 631->593 644 4d6044-4d6056 call 4d5380 631->644 632->620 632->621 634->632 640 4d5e30-4d5e32 634->640 635->632 635->634 636->637 641 4d5e70-4d5e71 636->641 637->622 643 4d5e88-4d5e92 637->643 640->622 640->632 641->629 645 4d5e73-4d5e7d 641->645 647 4d5e95-4d5e9a 643->647 644->622 647->647 650 4d5e9c-4d5ec2 call 52b380 * 2 647->650 656 4d5fbf-4d5fd9 call 439d00 * 2 650->656 657 4d5ec8-4d5eca 650->657 657->656 659 4d5ed0-4d5eda 657->659 661 4d5ee0-4d5ee8 659->661 661->661 663 4d5eea-4d5eed 661->663 665 4d5ef0-4d5ef6 663->665 665->665 666 4d5ef8-4d5f20 665->666 667 4d5f22-4d5f2a 666->667 667->667 668 4d5f2c-4d5f30 667->668 669 4d5f33-4d5f39 668->669 669->669 670 4d5f3b-4d5f4d 669->670 671 4d5f50-4d5f55 670->671 671->671 672 4d5f57-4d5f5d 671->672 673 4d5f60-4d5f66 672->673 673->673 674 4d5f68-4d5fb9 CreateProcessA 673->674 674->656
                                  APIs
                                  • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: DestroyWindow
                                  • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                  • API String ID: 3375834691-1928458085
                                  • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                  • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                  • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                  • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                  Control-flow Graph

                                  APIs
                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                  • GetWindowRect.USER32(?,?), ref: 004DB531
                                  • GetClientRect.USER32(?,?), ref: 004DB541
                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                  • GetMenu.USER32(?), ref: 004DB581
                                  • SetMenu.USER32(?,00000000), ref: 004DB596
                                  • GetDesktopWindow.USER32 ref: 004DB5B0
                                  • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                  • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                  • GetClientRect.USER32(?,?), ref: 004DB6B7
                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                  • String ID:
                                  • API String ID: 3087884050-0
                                  • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                  • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                  • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                  • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 730 4cfe40-4cfe62 731 4cfe68-4cfe6d call 497d20 730->731 732 4cffe0-4cfffd RegOpenKeyExA 730->732 741 4cfe6f call 4cb0e0 731->741 734 4cffff-4d002b RegQueryValueExA 732->734 735 4d0049-4d0059 732->735 736 4d002d-4d0039 call 435020 734->736 737 4d003e-4d0042 734->737 736->737 740 4d0043 RegCloseKey 737->740 740->735 742 4cfe74-4cfe76 741->742 743 4cfe7c-4cfe99 RegOpenKeyExW 742->743 744 4cff3f-4cff5c RegOpenKeyExA 742->744 743->735 746 4cfe9f-4cfecb RegQueryValueExW 743->746 744->735 745 4cff62-4cff8e RegQueryValueExA 744->745 747 4cffd9-4cffde 745->747 748 4cff90-4cff93 745->748 746->737 749 4cfed1-4cfee3 call 4b8350 746->749 747->740 750 4cffc8-4cffd4 call 435020 748->750 751 4cff95-4cffa9 call 4b8440 748->751 749->737 756 4cfee9-4cfeec 749->756 750->747 751->747 760 4cffab-4cffc6 call 435020 call 439d00 751->760 758 4cfeee-4cff04 call 435020 call 439d00 756->758 759 4cff09-4cff1e call 4d9d70 call 439d00 756->759 758->737 759->737 773 4cff24-4cff3a call 435020 call 439d00 759->773 760->740 773->737
                                  APIs
                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                  • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                  • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: OpenQueryValue$CloseVersion
                                  • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                  • API String ID: 3944000476-502054578
                                  • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                  • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                  • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                  • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 949 4f5fc0-4f5fd7 950 4f5fdd-4f5ff0 call 4f5cb0 949->950 951 4f6093-4f6095 949->951 963 4f605d-4f6065 950->963 964 4f5ff2-4f6058 call 4fe010 950->964 953 4f60f7-4f60f9 951->953 954 4f6097-4f609f 951->954 956 4f60ff-4f6101 953->956 957 4f61a1 953->957 958 4f60b2-4f60ba 954->958 959 4f60a1-4f60a6 954->959 961 4f62e5-4f62ec 956->961 965 4f6107-4f6148 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection call 4f2bf0 956->965 960 4f61a7-4f61a9 957->960 957->961 958->953 962 4f60bc-4f60be 958->962 959->958 966 4f60a8-4f60b0 959->966 960->961 967 4f61af-4f61c2 call 4f24f0 960->967 968 4f60d3 962->968 969 4f60c0-4f60c5 962->969 963->951 971 4f6067-4f607c EnterCriticalSection 963->971 964->963 980 4f614a 965->980 981 4f6167-4f6174 call 4f2bf0 965->981 966->958 966->962 983 4f624e-4f625b call 4f24f0 967->983 984 4f61c8-4f61ce 967->984 975 4f60d9-4f60f2 call 4e5ec0 968->975 969->968 974 4f60c7-4f60d1 969->974 976 4f607e 971->976 977 4f6085-4f608d LeaveCriticalSection 971->977 974->968 974->975 975->953 976->977 977->951 982 4f6150-4f6165 call 4f3d00 call 4f2bf0 980->982 981->961 997 4f617a 981->997 982->981 983->961 998 4f6261 983->998 989 4f61d0-4f61df EnterCriticalSection 984->989 994 4f61e6-4f61ef 989->994 995 4f61e1 989->995 1000 4f6201-4f620a 994->1000 1001 4f61f1-4f61ff 994->1001 995->994 1002 4f6180-4f6195 call 4f3d00 call 4f2bf0 997->1002 1003 4f6267-4f6276 EnterCriticalSection 998->1003 1005 4f6211-4f622b LeaveCriticalSection EnterCriticalSection 1000->1005 1001->1005 1021 4f6197-4f619e 1002->1021 1007 4f627d-4f6286 1003->1007 1008 4f6278 1003->1008 1009 4f622d-4f6233 1005->1009 1010 4f6240-4f624c LeaveCriticalSection 1005->1010 1012 4f6298-4f62a1 1007->1012 1013 4f6288-4f6296 1007->1013 1008->1007 1014 4f623a-4f623d 1009->1014 1015 4f6235-4f6238 1009->1015 1010->983 1010->989 1017 4f62a8-4f62c2 LeaveCriticalSection EnterCriticalSection 1012->1017 1013->1017 1014->1010 1015->1010 1019 4f62d7-4f62e3 LeaveCriticalSection 1017->1019 1020 4f62c4-4f62ca 1017->1020 1019->961 1019->1003 1022 4f62cc-4f62cf 1020->1022 1023 4f62d1-4f62d4 1020->1023 1022->1019 1023->1019
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                  • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                  • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                  • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                  • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                  • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                  APIs
                                  • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                  • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                  • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                  • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                  • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                  • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CapsDevice$Start
                                  • String ID: portrait
                                  • API String ID: 1738886688-2504013051
                                  • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                  • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                  • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                  • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                  • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter$Timetime
                                  • String ID:
                                  • API String ID: 4022644143-0
                                  • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                  • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                  • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                  • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                  • timeGetTime.WINMM ref: 004F2A25
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                  • timeGetTime.WINMM(?), ref: 004F2A46
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$LeaveTimetime$Enter
                                  • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                  • API String ID: 2943255653-4242577526
                                  • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                  • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                  • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                  • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                  • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                  • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                  • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                  • timeGetTime.WINMM ref: 004011C5
                                  • timeGetTime.WINMM ref: 004011D5
                                  • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                  • timeGetTime.WINMM ref: 0040123E
                                  • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeaveTimetime
                                  • String ID:
                                  • API String ID: 3486229058-0
                                  • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                  • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                  • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                  • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                  APIs
                                  • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: ExchangeInterlocked
                                  • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                  • API String ID: 367298776-2876428247
                                  • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                  • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                  • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                  • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Enter$Leave
                                  • String ID:
                                  • API String ID: 2801635615-0
                                  • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                  • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                  • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                  • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                  • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                  • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                  • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: gethostbynamehtonlhtonsinet_addr
                                  • String ID: localhost
                                  • API String ID: 4009071410-2663516195
                                  • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                  • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                  • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                  • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                  APIs
                                  • timeGetTime.WINMM(00000000), ref: 004145E1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Timetime
                                  • String ID: gfff$gfff$gfff$gfff
                                  • API String ID: 17336451-2178600047
                                  • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                  • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                  • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                  • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                  APIs
                                  • timeKillEvent.WINMM(?), ref: 004D8B13
                                  • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                  • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                  • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                  • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                  • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                  • String ID:
                                  • API String ID: 3030913982-0
                                  • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                  • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                  • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                  • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                  APIs
                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                  • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID: \\?\
                                  • API String ID: 823142352-4282027825
                                  • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                  • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                  • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                  • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                    • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7742E820,?,004DD732), ref: 004FA76A
                                    • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                    • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                    • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                  • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                  • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                  • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                  APIs
                                  • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                  • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                  • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Window$Long$Create
                                  • String ID: Dummy$STATIC
                                  • API String ID: 1733017098-132613206
                                  • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                  • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                  • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                  • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                  • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                  • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                  • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                  • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                  APIs
                                  • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                  • timeGetTime.WINMM(?,?), ref: 004F2792
                                  • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Timetime$CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 1404962471-0
                                  • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                  • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                  • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                  • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                  APIs
                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                  • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                  • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                  • __aulldiv.LIBCMT ref: 0052947B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                  • String ID:
                                  • API String ID: 1430435781-0
                                  • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                  • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                  • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                  • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                  • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                  • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                  • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                  APIs
                                  • CreateSolidBrush.GDI32(?), ref: 004D802E
                                  • SelectObject.GDI32(?,00000000), ref: 004D8044
                                  • FillRect.USER32(?,?,00000000), ref: 004D8067
                                  • SelectObject.GDI32(?,00000000), ref: 004D8075
                                  • DeleteObject.GDI32(00000000), ref: 004D8078
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                  • String ID:
                                  • API String ID: 3777265051-0
                                  • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                  • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                  • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                  • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                  • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                  • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Delete$EnterLeave
                                  • String ID:
                                  • API String ID: 3104255891-0
                                  • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                  • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                  • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                  • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                  APIs
                                  • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                  • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                  • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: AttributesFile$Version
                                  • String ID: \\?\
                                  • API String ID: 3849939888-4282027825
                                  • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                  • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                  • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                  • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                    • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7742FFB0), ref: 004F9B35
                                    • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                  • String ID: FriendlyName
                                  • API String ID: 904232820-3623505368
                                  • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                  • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                  • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                  • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                  APIs
                                  • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                  • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                  • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                  • DeleteDC.GDI32(00000000), ref: 004CADFF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Create$CompatibleDeleteObjectSection
                                  • String ID:
                                  • API String ID: 3137390749-0
                                  • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                  • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                  • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                  • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                  APIs
                                  • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                    • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                  • String ID:
                                  • API String ID: 188302963-0
                                  • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                  • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                  • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                  • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                  APIs
                                    • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                    • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                    • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                    • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                    • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                    • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                    • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                  • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                  • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave$Devswave
                                  • String ID: echosuppression$gain
                                  • API String ID: 967401230-1829011300
                                  • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                  • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                  • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                  • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                  APIs
                                    • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                  • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                  • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7742FFB0), ref: 00509F3D
                                  • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                  • SetEvent.KERNEL32 ref: 00509F74
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalInitializeSection$Event$Create
                                  • String ID:
                                  • API String ID: 662013055-0
                                  • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                  • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                  • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                  • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                  APIs
                                  • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                  • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CompatibleCreateDirectorySystem
                                  • String ID: Macromed\Flash\
                                  • API String ID: 2606042488-1438515271
                                  • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                  • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                  • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                  • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                  • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                  • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                  • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                  • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                  • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                  • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                  • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                  • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1627410277.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.1627396768.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627503766.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627522776.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627572572.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627613118.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627649535.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627665059.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627678469.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627694437.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627707029.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627720224.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627734054.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627750781.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627773986.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.1627788619.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                  • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                  • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                  • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                  APIs
                                  • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                  • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1599204027.00000000007A9000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  • Associated: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Virtual$AllocFree
                                  • String ID:
                                  • API String ID: 2087232378-0
                                  • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                  • Instruction ID: 3da77de92bf0c33bc52e49a700e110508d5e24bdc964440293630acdd4b79e25
                                  • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                  • Instruction Fuzzy Hash: 9E719C71D0424ADFCB41CF98C881BEEBBF0BB4A314F244195E665F7281D238AA91DF65
                                  APIs
                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007A9314
                                    • Part of subcall function 007A9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                    • Part of subcall function 007A9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                  • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007A9366
                                  • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007A93C0
                                  • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A93F3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1599204027.00000000007A9000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  • Associated: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Virtual$Alloc$Free$Protect
                                  • String ID: ,
                                  • API String ID: 1004437363-3772416878
                                  • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                  • Instruction ID: fdc3e14bfe8bd98f10242a0524754a491cccef1a7c378bc05cf1da2b973c4246
                                  • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                  • Instruction Fuzzy Hash: 0E51F975900709EFCB10DFA9C885A9EBBF4FF49344F10851AFA59A7240D374E951CBA4
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: __freea$__alloca_probe_16
                                  • String ID:
                                  • API String ID: 3509577899-0
                                  • Opcode ID: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                  • Instruction ID: fd6922cf7a80161dd0570e670522332710b0b795b89aff0777e773291c4cc3ee
                                  • Opcode Fuzzy Hash: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                  • Instruction Fuzzy Hash: 34519373700606AFEB215FA4CC89EBB7BA9DFC6710B150B29FD0496151E738ED5086A1
                                  APIs
                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0079DF41
                                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 0079DF4C
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                  • String ID:
                                  • API String ID: 1660781231-0
                                  • Opcode ID: d90aca4dad857a29fe80bca2436b8ef675b9c62b2889eb50cdf11c053e7ecedf
                                  • Instruction ID: cd75bdd96b5a1bfb71d7da4ef48f25aab6641282a445b5cabf4d25131736018d
                                  • Opcode Fuzzy Hash: d90aca4dad857a29fe80bca2436b8ef675b9c62b2889eb50cdf11c053e7ecedf
                                  • Instruction Fuzzy Hash: E4D022B4448742986C30B6F83C0706A138618267F03F04746F032CA4C1FBAC9C07722A
                                  APIs
                                  • LCMapStringEx.KERNELBASE(?,007A0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007A3D75
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: String
                                  • String ID:
                                  • API String ID: 2568140703-0
                                  • Opcode ID: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                  • Instruction ID: f5da0ac4411f4585a45001adfe7889a157d9ede36c0b1885ca72ad1c5d438d21
                                  • Opcode Fuzzy Hash: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                  • Instruction Fuzzy Hash: D2F07A3650021EFBCF126F90DC09DDE3F26EF89360F058211FA1825020C73AC931AB90
                                  APIs
                                  • VirtualFree.KERNELBASE(?,00000000,?), ref: 0079BFCE
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: FreeVirtual
                                  • String ID:
                                  • API String ID: 1263568516-0
                                  • Opcode ID: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                  • Instruction ID: 1fc4dd6c3aeaaee0817216e36ba63e5b521813be904bdd1d1e2e3dac9636e59c
                                  • Opcode Fuzzy Hash: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                  • Instruction Fuzzy Hash: BA312871900209AFCB10DFA9ED80BAEBBF5FF48710F10802AE559AB250D779A905CF94
                                  APIs
                                  • CloseHandle.KERNELBASE(00000000), ref: 0079BCC7
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CloseHandle
                                  • String ID:
                                  • API String ID: 2962429428-0
                                  • Opcode ID: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                  • Instruction ID: f5ba4a2137a67daeb2fbb8b41962ef0f6117c7a666148d136e8c43de06cc210a
                                  • Opcode Fuzzy Hash: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                  • Instruction Fuzzy Hash: F7E06DB5901622BB97112B20BE09E7B766CEF927413048525FA24E2240DF38DC11C6B5
                                  APIs
                                  • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                  • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                  • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                  • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                  • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                  • EmptyClipboard.USER32 ref: 004D9BF5
                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                  • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                  • CloseClipboard.USER32 ref: 004D9C13
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                  • String ID:
                                  • API String ID: 3392129136-0
                                  • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                  • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                  • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                  • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                  • Instruction ID: 20744ecfedf4c28fd76f74ea8c3d8a786a43a3a68d56d5ce4262764e8bcaaa8c
                                  • Opcode Fuzzy Hash: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                  • Instruction Fuzzy Hash: D2516CB1A122099FEF16CF59E9D17AEBBF1FB48310F14806AD405EB250D3789940CF51
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1599204027.00000000007A9000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  • Associated: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                  • Instruction ID: 3a0743dcc37270f94bbdfc13b256ffb0086501d309c9e3f5df53f5aed5376cb7
                                  • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                  • Instruction Fuzzy Hash: 66F06D79A00200EF8B24DF0AC548E95B7F6FBC6720B6546A5E504DB2A1D3B8ED54CBA0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                  • API String ID: 0-3677570488
                                  • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                  • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                  • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                  • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                  APIs
                                  • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                  • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                  • API String ID: 2978645861-761530088
                                  • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                  • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                  • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                  • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                  APIs
                                  • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: DestroyWindow
                                  • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                  • API String ID: 3375834691-1928458085
                                  • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                  • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                  • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                  • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                  APIs
                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                  • GetWindowRect.USER32(?,?), ref: 004DB531
                                  • GetClientRect.USER32(?,?), ref: 004DB541
                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                  • GetMenu.USER32(?), ref: 004DB581
                                  • SetMenu.USER32(?,00000000), ref: 004DB596
                                  • GetDesktopWindow.USER32 ref: 004DB5B0
                                  • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                  • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                  • GetClientRect.USER32(?,?), ref: 004DB6B7
                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                  • String ID:
                                  • API String ID: 3087884050-0
                                  • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                  • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                  • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                  • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                  APIs
                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                  • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                  • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: OpenQueryValue$CloseVersion
                                  • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                  • API String ID: 3944000476-502054578
                                  • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                  • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                  • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                  • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                  • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                  • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                  • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                  • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                  • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                  APIs
                                  • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                  • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                  • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                  • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                  • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                  • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CapsDevice$Start
                                  • String ID: portrait
                                  • API String ID: 1738886688-2504013051
                                  • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                  • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                  • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                  • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                  • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter$Timetime
                                  • String ID:
                                  • API String ID: 4022644143-0
                                  • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                  • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                  • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                  • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                  • timeGetTime.WINMM ref: 004F2A25
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                  • timeGetTime.WINMM(?), ref: 004F2A46
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$LeaveTimetime$Enter
                                  • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                  • API String ID: 2943255653-4242577526
                                  • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                  • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                  • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                  • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                  • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                  • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                  • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                  • timeGetTime.WINMM ref: 004011C5
                                  • timeGetTime.WINMM ref: 004011D5
                                  • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                  • timeGetTime.WINMM ref: 0040123E
                                  • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeaveTimetime
                                  • String ID:
                                  • API String ID: 3486229058-0
                                  • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                  • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                  • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                  • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                  APIs
                                  • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: ExchangeInterlocked
                                  • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                  • API String ID: 367298776-2876428247
                                  • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                  • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                  • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                  • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                  APIs
                                  • type_info::operator==.LIBVCRUNTIME ref: 0079E960
                                  • ___TypeMatch.LIBVCRUNTIME ref: 0079EA6E
                                  • _UnwindNestedFrames.LIBCMT ref: 0079EBC0
                                  • CallUnexpected.LIBVCRUNTIME ref: 0079EBDB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                  • String ID: csm$csm$csm
                                  • API String ID: 2751267872-393685449
                                  • Opcode ID: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                  • Instruction ID: f9205ae31db05b9c3e77d0985b0ed2a32128f774b51f4989d9f1137d4a0a37b6
                                  • Opcode Fuzzy Hash: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                  • Instruction Fuzzy Hash: A3B15C71800209EFCF29DFA4E8859AEBBB5FF14310F14455AE815AB212D739EE51CF92
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Enter$Leave
                                  • String ID:
                                  • API String ID: 2801635615-0
                                  • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                  • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                  • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                  • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                  • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                  • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                  • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 0079D977
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0079D97F
                                  • _ValidateLocalCookies.LIBCMT ref: 0079DA08
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 0079DA33
                                  • _ValidateLocalCookies.LIBCMT ref: 0079DA88
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: csm
                                  • API String ID: 1170836740-1018135373
                                  • Opcode ID: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                  • Instruction ID: e60fa94935fac86d4f2411bee0f06bae9fa08a52f082d528d61211fb7b327bd8
                                  • Opcode Fuzzy Hash: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                  • Instruction Fuzzy Hash: 8B41D634A04208DFCF20DF68E885A9E7BB5FF45324F14C155E9196B392D739AD11CB91
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: localhost
                                  • API String ID: 0-2663516195
                                  • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                  • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                  • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                  • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                  APIs
                                  • timeGetTime.WINMM(00000000), ref: 004145E1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Timetime
                                  • String ID: gfff$gfff$gfff$gfff
                                  • API String ID: 17336451-2178600047
                                  • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                  • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                  • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                  • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                  APIs
                                  • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                  • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                  • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                  • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                  • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                  • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                  • String ID:
                                  • API String ID: 3030913982-0
                                  • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                  • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                  • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                  • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                  APIs
                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                  • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID: \\?\
                                  • API String ID: 823142352-4282027825
                                  • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                  • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                  • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                  • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                    • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                    • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                    • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                    • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                  • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                  • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                  • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                  APIs
                                  • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                  • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                  • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Window$Long$Create
                                  • String ID: Dummy$STATIC
                                  • API String ID: 1733017098-132613206
                                  • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                  • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                  • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                  • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                  • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                  • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                  • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                  • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                  APIs
                                  • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                  • timeGetTime.WINMM(?,?), ref: 004F2792
                                  • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Timetime$CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 1404962471-0
                                  • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                  • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                  • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                  • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                  APIs
                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                  • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                  • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                  • __aulldiv.LIBCMT ref: 0052947B
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                  • String ID:
                                  • API String ID: 1430435781-0
                                  • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                  • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                  • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                  • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                  • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                  • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                  • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                  APIs
                                  • CreateSolidBrush.GDI32(?), ref: 004D802E
                                  • SelectObject.GDI32(?,00000000), ref: 004D8044
                                  • FillRect.USER32(?,?,00000000), ref: 004D8067
                                  • SelectObject.GDI32(?,00000000), ref: 004D8075
                                  • DeleteObject.GDI32(00000000), ref: 004D8078
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                  • String ID:
                                  • API String ID: 3777265051-0
                                  • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                  • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                  • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                  • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                  • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                  • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Delete$EnterLeave
                                  • String ID:
                                  • API String ID: 3104255891-0
                                  • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                  • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                  • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                  • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                  APIs
                                  • OpenClipboard.USER32(00000000), ref: 004D9C27
                                  • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                  • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                  • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                  • CloseClipboard.USER32 ref: 004D9C56
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Clipboard$Data$CloseOpen
                                  • String ID:
                                  • API String ID: 464010812-0
                                  • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                  • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                  • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                  • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                  APIs
                                  • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                  • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                  • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: AttributesFile$Version
                                  • String ID: \\?\
                                  • API String ID: 3849939888-4282027825
                                  • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                  • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                  • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                  • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                    • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                    • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                  • String ID: FriendlyName
                                  • API String ID: 904232820-3623505368
                                  • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                  • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                  • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                  • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                  APIs
                                  • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                  • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                  • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                  • DeleteDC.GDI32(00000000), ref: 004CADFF
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Create$CompatibleDeleteObjectSection
                                  • String ID:
                                  • API String ID: 3137390749-0
                                  • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                  • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                  • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                  • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: AdjustPointer
                                  • String ID:
                                  • API String ID: 1740715915-0
                                  • Opcode ID: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                  • Instruction ID: 9eb4f438231cdf1f5a0390a81fae76cf41a7faa79662d3ed8606b3b5fb6622e9
                                  • Opcode Fuzzy Hash: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                  • Instruction Fuzzy Hash: 14510F72605206EFDF29CF54F985BAAB7A4EF58310F24452DE802872A1E73DEC51CB91
                                  APIs
                                  • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                    • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                  • String ID:
                                  • API String ID: 188302963-0
                                  • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                  • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                  • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                  • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                  APIs
                                    • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                    • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                    • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                    • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                    • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                    • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                    • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                  • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                  • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave$Devswave
                                  • String ID: echosuppression$gain
                                  • API String ID: 967401230-1829011300
                                  • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                  • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                  • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                  • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                  APIs
                                    • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                  • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                  • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                  • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                  • SetEvent.KERNEL32 ref: 00509F74
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalInitializeSection$Event$Create
                                  • String ID:
                                  • API String ID: 662013055-0
                                  • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                  • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                  • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                  • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                  APIs
                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0079DEAD
                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0079DEC6
                                  Memory Dump Source
                                  • Source File: 00000003.00000003.1602856177.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_3_770000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: Value___vcrt_
                                  • String ID:
                                  • API String ID: 1426506684-0
                                  • Opcode ID: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                  • Instruction ID: 00b83a8abc7ce385ab32bf354e41978ee56b478a752cb83b12f0cae4687b3bd0
                                  • Opcode Fuzzy Hash: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                  • Instruction Fuzzy Hash: 1801FC32149351AEAE3537747CCA96A27A9EB56774B200329F525491E1EF2D5C016344
                                  APIs
                                  • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                  • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CompatibleCreateDirectorySystem
                                  • String ID: Macromed\Flash\
                                  • API String ID: 2606042488-1438515271
                                  • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                  • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                  • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                  • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$Enter
                                  • String ID:
                                  • API String ID: 2978645861-0
                                  • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                  • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                  • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                  • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                  • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                  • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                  • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                  • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                  APIs
                                  • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                  • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                  • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                  • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.1606986957.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000003.00000002.1606956226.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607167486.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607203157.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000003.00000002.1607291475.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_400000_wg7SDQAffQ.jbxd
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave
                                  • String ID:
                                  • API String ID: 3168844106-0
                                  • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                  • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                  • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                  • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                  APIs
                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02D00326
                                    • Part of subcall function 02D000A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02D000CD
                                    • Part of subcall function 02D000A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D00279
                                  • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02D00378
                                  • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 02D003E7
                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D00407
                                  • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 02D0042E
                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02D00456
                                  • CloseHandle.KERNELBASE(?), ref: 02D00471
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000003.1603091754.0000000002D00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02D00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_3_2d00000_svchost.jbxd
                                  Similarity
                                  • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                  • String ID: ,
                                  • API String ID: 3867569247-3772416878
                                  • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                  • Instruction ID: 99f4ddfd7ae2d87b3e8e290c197486888a4635af72860f95b2ee9054c8902240
                                  • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                  • Instruction Fuzzy Hash: 4A6109B5900209FFDB20DFA5C884BDEBBB9FF08355F14851AE959A7290D770E940CB64
                                  APIs
                                  • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 02D000CD
                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 02D00279
                                  Memory Dump Source
                                  • Source File: 00000004.00000003.1603091754.0000000002D00000.00000040.00000001.00020000.00000000.sdmp, Offset: 02D00000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_3_2d00000_svchost.jbxd
                                  Similarity
                                  • API ID: Virtual$AllocFree
                                  • String ID:
                                  • API String ID: 2087232378-0
                                  • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                  • Instruction ID: c13db10da187f4139451768dc89fd4f066d9ba81e1c35e0481d7453749f545cb
                                  • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                  • Instruction Fuzzy Hash: E5717C71A04249EFDB41CFA8C981BEDBBF0AB09315F248095E5A5F7391C334AA91CF65

                                  Execution Graph

                                  Execution Coverage:33.4%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:83.3%
                                  Total number of Nodes:24
                                  Total number of Limit Nodes:0
                                  execution_graph 415 2ab524e1cf4 417 2ab524e1d19 415->417 416 2ab524e1fa1 417->416 426 2ab524e15c0 417->426 419 2ab524e1f98 CloseHandle 419->416 420 2ab524e1f88 NtAcceptConnectPort 420->419 421 2ab524e1e3a 421->419 421->420 423 2ab524e1ecd 421->423 429 2ab524e0ac8 421->429 423->423 435 2ab524e1aa4 NtAcceptConnectPort 423->435 427 2ab524e15f4 NtAcceptConnectPort 426->427 427->421 430 2ab524e0c62 429->430 431 2ab524e0ae8 429->431 430->423 431->430 432 2ab524e0be8 NtAcceptConnectPort 431->432 432->430 433 2ab524e0c1b 432->433 433->430 434 2ab524e0c33 NtAcceptConnectPort 433->434 434->430 436 2ab524e1af7 435->436 437 2ab524e1c04 435->437 441 2ab524e1870 436->441 437->420 439 2ab524e1b10 440 2ab524e1bb6 NtAcceptConnectPort 439->440 440->437 443 2ab524e1889 441->443 442 2ab524e1949 442->439 443->442 444 2ab524e1930 GetProcessMitigationPolicy 443->444 444->442

                                  Callgraph

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002AB524E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2ab524e0000_fontdrvhost.jbxd
                                  Similarity
                                  • API ID: AcceptCloseConnectHandlePort
                                  • String ID:
                                  • API String ID: 3811980168-0
                                  • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                  • Instruction ID: e1a79d5e86e5f791da1c2f2bb88a4fadbb03fc61f78baa05d8e5f43dae5ada6a
                                  • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                  • Instruction Fuzzy Hash: 1891D530A48E088FE765EB18C485BE5B3E1FB89310F54465EE59FC7296DB34A942C783

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002AB524E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2ab524e0000_fontdrvhost.jbxd
                                  Similarity
                                  • API ID: AcceptConnectPort
                                  • String ID:
                                  • API String ID: 1658770261-0
                                  • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                  • Instruction ID: 38b949877dd13f5f60baf5c12fa00d8e4f249f28a463d804f975517c3a083bfa
                                  • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                  • Instruction Fuzzy Hash: 43512430E18A150FF32DA6389899279B7D0F78A305F74159ED2F3C5193EE24C646C683

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002AB524E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2ab524e0000_fontdrvhost.jbxd
                                  Similarity
                                  • API ID: AcceptConnectPort$MitigationPolicyProcess
                                  • String ID:
                                  • API String ID: 2923266908-0
                                  • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                  • Instruction ID: 1dd0ba0415f846d2051ecaf0572ed3b304d968bda8ac45b4f7fa09abfcd5b7ca
                                  • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                  • Instruction Fuzzy Hash: ED41E030608B488FDB44DF2C88897A57B90EB5A320F04439EE95ECB2D7DB34C945C796

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 118 2ab524e15c0-2ab524e15f2 119 2ab524e15f9-2ab524e15fb 118->119 120 2ab524e15f4-2ab524e15f7 118->120 122 2ab524e15fd-2ab524e1609 119->122 123 2ab524e160b-2ab524e160d 119->123 121 2ab524e161f-2ab524e166d NtAcceptConnectPort 120->121 122->121 124 2ab524e160f-2ab524e161b 123->124 125 2ab524e161d 123->125 124->121 125->121
                                  APIs
                                  • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000002AB524E1E3A), ref: 000002AB524E1654
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002AB524E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2ab524e0000_fontdrvhost.jbxd
                                  Similarity
                                  • API ID: AcceptConnectPort
                                  • String ID:
                                  • API String ID: 1658770261-0
                                  • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                  • Instruction ID: 1e920ca46449cbe13a00ff0be633688e6065e4bb522e0bb05837bb43e47a19ee
                                  • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                  • Instruction Fuzzy Hash: EE219671A08B048FEB55DF28C4C9665F7E1FB69305F440A2EE54EC7251DB30D984CB42

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 95 2ab524e1870-2ab524e18a0 call 2ab524e08a4 * 2 100 2ab524e18a6-2ab524e18a9 95->100 101 2ab524e1954-2ab524e195b 95->101 100->101 102 2ab524e18af-2ab524e18b9 100->102 102->101 103 2ab524e18bf-2ab524e18c4 102->103 103->101 104 2ab524e18ca-2ab524e18d7 103->104 104->101 105 2ab524e18d9-2ab524e18e1 104->105 105->101 106 2ab524e18e3-2ab524e18ee 105->106 106->101 107 2ab524e18f0-2ab524e18f7 106->107 107->101 108 2ab524e18f9-2ab524e18fc 107->108 108->101 109 2ab524e18fe-2ab524e1906 108->109 109->101 110 2ab524e1908-2ab524e190b 109->110 110->101 111 2ab524e190d-2ab524e1916 110->111 111->101 112 2ab524e1918-2ab524e191c 111->112 112->101 113 2ab524e191e-2ab524e192e 112->113 113->101 115 2ab524e1930-2ab524e1947 GetProcessMitigationPolicy 113->115 115->101 116 2ab524e1949-2ab524e194e 115->116 116->101 117 2ab524e1950-2ab524e1951 116->117 117->101
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002AB524E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2ab524e0000_fontdrvhost.jbxd
                                  Similarity
                                  • API ID: MitigationPolicyProcess
                                  • String ID:
                                  • API String ID: 1088084561-0
                                  • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                  • Instruction ID: a9265b3ce496c10dab15818a80740dcc7c71f74b9153d58baf4a1d63d0ff17d1
                                  • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                  • Instruction Fuzzy Hash: 7331B430F41A074BFBA6966884987F1B7D0EBA9310F9411A9C21ADB0D2EF25CE49C653
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.1820888422.000002AB524E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002AB524E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_2ab524e0000_fontdrvhost.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                  • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                  • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                  • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F